6.8
CVE-2026-9699
- EPSS 0.33%
- Veröffentlicht 26.06.2026 14:43:51
- Zuletzt bearbeitet 26.06.2026 16:16:37
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors
Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMattermost
≫
Produkt
Mattermost
Default Statusunaffected
Version <=
10.18.11
Version
0
Status
affected
Version <=
11.3.6
Version
0
Status
affected
Version <=
11.6.5
Version
0
Status
affected
Version
11.7.0
Status
unaffected
Version
10.11.19
Status
unaffected
Version
11.6.4
Status
unaffected
Version
11.5.7
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.243 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsibledisclosure@mattermost.com | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://mattermost.com/security-updates