7.6

CVE-2026-1046

Medienbericht

Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MattermostMattermost Desktop Version >= 5.13.2 < 5.13.3
MattermostMattermost Desktop Version >= 6.0.0 < 6.0.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.141
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
responsibledisclosure@mattermost.com 7.6 2.3 4.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L
CWE-939 Improper Authorization in Handler for Custom URL Scheme

The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
11.05.2026 16:03
https://mattermost.com/security-updates
Vendor Advisory