{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3495", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-03-03T17:33:56.666Z", "datePublished": "2026-05-18T06:58:29.673Z", "dateUpdated": "2026-05-18T14:33:30.914Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.5.1", "status": "affected", "version": "11.5.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.13", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"version": "11.6.0", "status": "unaffected"}, {"version": "11.5.2", "status": "unaffected"}, {"version": "10.11.14", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "shoodagiri"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "baseSeverity": "LOW", "baseScore": 3.8}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00622", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.6.0, 11.5.2, 10.11.14 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2026-00622", "defect": ["https://mattermost.atlassian.net/browse/MM-67766"], "discovery": "EXTERNAL"}, "title": "Unescaped variables during error page composition", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-05-18T06:58:29.673Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-18T14:33:19.230906Z", "id": "CVE-2026-3495", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-18T14:33:30.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3495", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-18T14:33:19.230906Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-18T14:33:26.384Z"}}], "cna": {"title": "Unescaped variables during error page composition", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-67766"], "advisory": "MMSA-2026-00622", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "shoodagiri"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "11.5.0", "versionType": "semver", "lessThanOrEqual": "11.5.1"}, {"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.13"}, {"status": "unaffected", "version": "11.6.0"}, {"status": "unaffected", "version": "11.5.2"}, {"status": "unaffected", "version": "10.11.14"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 11.6.0, 11.5.2, 10.11.14 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00622", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-05-18T06:58:29.673Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3495", "state": "PUBLISHED", "dateUpdated": "2026-05-18T14:33:30.914Z", "dateReserved": "2026-03-03T17:33:56.666Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-05-18T06:58:29.673Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622"}], "id": "CVE-2026-3495", "lastModified": "2026-05-18T17:32:38.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-05-18T08:16:13.900", "references": [{"source": "responsibledisclosure@mattermost.com", "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.5.0,11.5.1]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.11.0,10.11.13]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.6.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.5.2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.14"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "created": "2026-05-18T09:30:22.296033+00:00", "updated": "2026-05-18T10:00:12.947634+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}