Loading market data...
← Back to CVE feed

CVE-2026-10085

MEDIUM CVSS 5.4 View on NVD ↗

Description

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Published: Jul 13, 2026 09:16 UTC Modified: Jul 13, 2026 17:01 UTC