{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28741", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-03-10T13:45:39.984Z", "datePublished": "2026-04-15T10:13:33.950Z", "dateUpdated": "2026-04-15T15:39:52.265Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.11.12", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"lessThanOrEqual": "11.5.0", "status": "affected", "version": "11.5.0", "versionType": "semver"}, {"lessThanOrEqual": "11.4.2", "status": "affected", "version": "11.4.0", "versionType": "semver"}, {"lessThanOrEqual": "11.3.2", "status": "affected", "version": "11.3.0", "versionType": "semver"}, {"version": "10.11.13", "status": "unaffected"}, {"version": "11.5.1", "status": "unaffected"}, {"version": "11.4.3", "status": "unaffected"}, {"version": "11.3.3", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Eva Sarafianou"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost Advisory ID: MMSA-2026-00625"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseSeverity": "MEDIUM", "baseScore": 6.8}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00625", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 10.11.13, 11.5.1, 11.4.3, 11.3.3 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2026-00625", "defect": ["https://mattermost.atlassian.net/browse/MM-67789"], "discovery": "EXTERNAL"}, "title": "CSRF Protection Bypass Allows Updating a User's Authentication Method", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-04-15T10:13:33.950Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T15:39:07.449816Z", "id": "CVE-2026-28741", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T15:39:52.265Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28741", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T15:39:07.449816Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T15:39:11.734Z"}}], "cna": {"title": "CSRF Protection Bypass Allows Updating a User's Authentication Method", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-67789"], "advisory": "MMSA-2026-00625", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Eva Sarafianou"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.12"}, {"status": "affected", "version": "11.5.0", "versionType": "semver", "lessThanOrEqual": "11.5.0"}, {"status": "affected", "version": "11.4.0", "versionType": "semver", "lessThanOrEqual": "11.4.2"}, {"status": "affected", "version": "11.3.0", "versionType": "semver", "lessThanOrEqual": "11.3.2"}, {"status": "unaffected", "version": "10.11.13"}, {"status": "unaffected", "version": "11.5.1"}, {"status": "unaffected", "version": "11.4.3"}, {"status": "unaffected", "version": "11.3.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 10.11.13, 11.5.1, 11.4.3, 11.3.3 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00625", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost Advisory ID: MMSA-2026-00625"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-04-15T10:13:33.950Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28741", "state": "PUBLISHED", "dateUpdated": "2026-04-15T15:39:52.265Z", "dateReserved": "2026-03-10T13:45:39.984Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-04-15T10:13:33.950Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost Advisory ID: MMSA-2026-00625"}], "id": "CVE-2026-28741", "lastModified": "2026-04-15T11:16:33.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-04-15T11:16:33.450", "references": [{"source": "responsibledisclosure@mattermost.com", "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.11.0,10.11.12]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "11.5.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.4.0,11.4.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.3.0,11.3.2]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.13"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.5.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.3.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-04-15T11:53:30.599208+00:00", "value": {"mitigation_remediation": ["Apply a Mattermost update to version 10.11.13, 11.5.1, 11.4.3, 11.3.3, or a newer release that addresses CSRF validation.", "If an immediate update is unavailable, deploy an auxiliary CSRF mitigation such as a web application firewall or enforce stricter same-site cookie policies to reduce the attack surface.", "Restrict access to the authentication endpoint by applying network segmentation or limiting allowed IP addresses to mitigate CSRF risk."], "summary": {"action": "Immediate Patch", "impact": "Modification of user authentication"}, "threat_synthesis": {"affected_systems": "The flaw affects Mattermost deployments running versions 10.11.x through 10.11.12, 11.5.x through 11.5.0, 11.4.x through 11.4.2, and 11.3.x through 11.3.2. All affected instances are susceptible if they have the vulnerable authentication endpoint exposed.", "description_and_impact": "The vulnerability lies in the lack of CSRF token validation on an authentication endpoint, a security weakness categorized as CWE\u2011352. An attacker can force an authenticated user to execute a forged request that changes the user\u2019s authentication method, potentially granting the attacker control over that account. This modification subverts the intended authentication flow and can lead to unauthorized access to a user\u2019s data.", "risk_and_exploitability": "The CVSS base score of 6.8 classifies the issue as moderately severe, and the lack of an EPSS score indicates no current evidence of exploitation. The flaw is not listed in the CISA KEV catalog, suggesting it has not yet been actively leveraged. However, its exploit requires a victim to visit a malicious page, making a CSRF attack the likely vector. The vulnerability can be exploited without privileged access and only needs the victim to be authenticated to the target Mattermost instance."}}}}, "created": "2026-04-15T13:44:47.516782+00:00", "updated": "2026-04-15T13:49:14.855122+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}