Zurück zur CVE-Übersicht
CVE-2026-10085
MEDIUM(5.4)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Risk Signal Score24/100 — NIEDRIG
- CVSS 5.4 — Mittel
- Weniger als 24 Stunden alt
Beschreibung
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688