3.1
CVE-2026-4053
- EPSS 0.04%
- Published 15.05.2026 18:42:47
- Last modified 15.05.2026 19:17:04
- Source responsibledisclosure@mattermo
Post edit time limit is not enforced on some post update operations
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields, which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints. Mattermost Advisory ID: MMSA-2026-00631
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
- Vendor: Mattermost
- Product: Mattermost
- Default status: unaffected

| Version | Version <= | Status |
|---|---|---|
| 11.5.0 | 11.5.1 | affected |
| 10.11.0 | 10.11.13 | affected |
| 11.6.0 | | unaffected |
| 11.5.2 | | unaffected |
| 10.11.14 | | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.109 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsibledisclosure@mattermost.com | 3.1 | 1.6 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |

CWE-672 Operation on a Resource after Expiration or Release
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.