VYPR
High severityNVD Advisory· Published Mar 16, 2026· Updated Mar 16, 2026

MS Teams plugin sensitive config values not properly masked in support packets

CVE-2026-2476

Description

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost-plugin-msteamsGo
< 1.15.1-0.20260102165339-036c761bd3cb1.15.1-0.20260102165339-036c761bd3cb

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.