Low severity (3.8) · NVD Advisory · Published May 18, 2026 · Updated May 19, 2026
CVE-2026-3495
Description
Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition, which allows an attacker with access to edit some site configuration to execute malicious code by injecting JavaScript into those values. Mattermost Advisory ID: MMSA-2026-00622
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 (Go) | >= 10.11.0, < 10.11.14 | 10.11.14 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 11.5.0, < 11.5.2 | 11.5.2 |
| github.com/mattermost/mattermost/server/v8 (Go) | < 8.0.0-20260310115442-5a1ea95044d | 8.0.0-20260310115442-5a1ea95044d |
| github.com/mattermost/mattermost-server (Go) | < 5.3.2-0.20260310115442-5a1ea95044dc | 5.3.2-0.20260310115442-5a1ea95044dc |
Affected products
- cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* (range: >=10.11.0, <10.11.14)
- (no CPE) (range: <=11.5.1, <=10.11.13)
References
- github.com/advisories/GHSA-jx93-pf6x-874r (source: ghsa; type: ADVISORY)
- mattermost.com/security-updates (source: nvd; type: Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-3495 (source: ghsa; type: ADVISORY)
- github.com/mattermost/mattermost/commit/5a1ea95044dc2d1ca601bfe9a4c1bc17990f3872 (source: ghsa; type: WEB)