Mattermost Desktop App
by Mattermost
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4643 | | Low | 0.23 | 3.5 | 0.00 | | May 18, 2026 | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking `window.close()` in the… |
| CVE-2025-13326 | | | 0.00 | — | 0.00 | | Dec 17, 2025 | Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder. |
| CVE-2023-5920 | | | 0.00 | — | 0.00 | | Nov 2, 2023 | Mattermost Desktop for macOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. |
| CVE-2023-5875 | | | 0.00 | — | 0.00 | | Nov 2, 2023 | Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones, allowing media exploitation from a malicious Mattermost server. |
| CVE-2023-5876 | | | 0.00 | — | 0.00 | | Nov 2, 2023 | Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. |