CVE-2026-6347

Published May 18, 2026

Last updated 7 days ago

CVSS high 7.6

Overview

Description
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugin configuration.. Mattermost Advisory ID: MMSA-2026-00605
Source
responsibledisclosure@mattermost.com
NVD status
Analyzed
Products
mattermost_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.6
Impact score
4.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Severity
HIGH

Weaknesses

responsibledisclosure@mattermost.com
CWE-200

Social media

Hype score
Not currently trending

  1. ⚡ New CVE Alert: CVE-2026-6347 📊 Severity: 7.6 🚨 Risk Level: High 🧩 Affects: Multiple / Unspecified Products Reference: https://t.co/RJ5O8IDcQj #CVE-2026-6347 #CVE #High  #CyberSecurity #InfoSec https://t.co/ttubIECAxB

    @CVEarity

    18 May 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action URL.. Mattermost Advisory ID: MMSA-2026-00640CVE-2026-4858
  2. Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request. Mattermost Advisory ID: MMSA-2026-00629CVE-2026-4055
  3. Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in plaintext via downloading a support packet from the System Console.. Mattermost Advisory ID: MMSA-2026-00607CVE-2026-6346
  4. Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite endpoint.. Mattermost Advisory ID: MMSA-2026-00645CVE-2026-5163
  5. Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614CVE-2026-6345

References

Sources include official advisories and independent security research.