Path Traversal Vulnerability in Mattermost by Mattermost
CVE-2026-6961
7.6HIGH
What is CVE-2026-6961?
Mattermost suffers from a path traversal vulnerability that allows an attacker controlling a federated server to exploit inadequate sanitization of the FileInfo.Name parameter. During shared channel file synchronization, users may be at risk as malicious filenames can be manipulated to write files into arbitrary locations within the target server's filestore. This flaw potentially jeopardizes file integrity and server security.
Affected Version(s)
Mattermost 11.6.0 <= 11.6.1
Mattermost 11.5.0 <= 11.5.4
Mattermost 10.11.0 <= 10.11.15