VYPR
Low severity · NVD Advisory · Published Nov 14, 2025 · Updated Nov 14, 2025

Unauthorized access to archived channel content via threads interface

CVE-2025-41436

Description

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting, which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/mattermost/mattermost-server (Go) | < 11.0.0-alpha.1 | 11.0.0-alpha.1
github.com/mattermost/mattermost/server/v8 (Go) | < 8.0.0-20250815165020-c8d66301415d | 8.0.0-20250815165020-c8d66301415d
