VYPR
Moderate severityNVD Advisory· Published Mar 16, 2026· Updated Mar 16, 2026

Missing authorization check allows unauthorized modification of other users' comments on a board

CVE-2026-2461

Description

Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost-plugin-boardsGo
< 0.0.0-20260108044135-57c5be5b6ef50.0.0-20260108044135-57c5be5b6ef5

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.