File Access Vulnerability in Mattermost by Mattermost Inc.
CVE-2026-3473

5.9 MEDIUM

Key Information:

Vendor: Mattermost
CVE Published: 22 May 2026

What is CVE-2026-3473?

Mattermost versions up to 11.6.0, 11.5.3, 11.4.4, and 10.11.14 fail to properly validate file ownership and enforce access control in the Boards API. An authenticated user can supply legitimate file IDs to the Boards API and potentially access and download files belonging to other users or teams, exposing sensitive information. For details, refer to Mattermost advisory MMSA-2026-00620.

Affected Version(s)

Mattermost 11.6.0

Mattermost 11.5.0 <= 11.5.3

Mattermost 11.4.0 <= 11.4.4

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

eahmed