CVE-2026-8683
- EPSS 0.2%
- Veröffentlicht 15.06.2026 14:06:21
- Zuletzt bearbeitet 16.06.2026 17:18:55
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a ver...
CVE-2026-6517
- EPSS 0.19%
- Veröffentlicht 15.06.2026 13:55:25
- Zuletzt bearbeitet 16.06.2026 16:54:47
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other u...
CVE-2026-3471
- EPSS 0.18%
- Veröffentlicht 18.05.2026 08:45:44
- Zuletzt bearbeitet 05.06.2026 17:43:51
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling {{window.open('javas...
CVE-2026-4643
- EPSS 0.17%
- Veröffentlicht 18.05.2026 08:43:34
- Zuletzt bearbeitet 05.06.2026 17:44:47
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking ...
CVE-2026-1628
- EPSS 0.14%
- Veröffentlicht 02.03.2026 13:24:21
- Zuletzt bearbeitet 05.03.2026 16:07:40
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an...
CVE-2026-1046
- EPSS 0.24%
- Veröffentlicht 16.02.2026 12:10:38
- Zuletzt bearbeitet 23.03.2026 17:27:17
Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisor...
CVE-2025-13326
- EPSS 0.09%
- Veröffentlicht 17.12.2025 18:14:14
- Zuletzt bearbeitet 18.12.2025 19:47:06
Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.
CVE-2025-13321
- EPSS 0.1%
- Veröffentlicht 17.12.2025 18:14:12
- Zuletzt bearbeitet 18.12.2025 19:41:30
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via read...
CVE-2025-55035
- EPSS 0.3%
- Veröffentlicht 16.10.2025 15:18:25
- Zuletzt bearbeitet 29.10.2025 18:31:15
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the u...
CVE-2025-58084
- EPSS 0.28%
- Veröffentlicht 13.10.2025 20:15:33
- Zuletzt bearbeitet 29.10.2025 13:34:07
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.