VYPR
Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Mattermost allows external websites to open within the app, exposing preload functionality to non-trusted sites.

CVE-2026-1628

Description

Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.