Medium severity6.5NVD Advisory· Published May 18, 2026· Updated May 29, 2026
CVE-2026-3117
CVE-2026-3117
Description
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the {{gitlab instance {option}}} or the {{/gitlab webhook {option}}} commands. Mattermost Advisory ID: MMSA-2026-00600
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*Range: >=10.13.0,<=10.13.11
- Range: <=11.5, <=11.1.5, <=10.13.11, <=11.3.4.0
Patches
Vulnerability mechanics
References
1- mattermost.com/security-updatesnvdVendor Advisory
News mentions
0No linked articles in our index yet.