PatchSiren cyber security CVE debrief
CVE-2026-10085 Mattermost CVE debrief
CVE-2026-10085 is a vulnerability in Mattermost that allows an ordinary group or direct message member to remove all participants from a conversation via the channel patch API. The vulnerability is caused by a failure to restrict the group_constrained channel flag to public and private channels that support group synchronization. This issue can have significant operational impacts on organizations using affected Mattermost versions. The CVE record was published on 2026-07-13T09:16:22.447Z and has not been modified since then.
- Vendor
- Mattermost
- Product
- Unknown
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and operators who manage Mattermost deployments, as well as vulnerability management teams who track and remediate security issues.
Technical summary
The vulnerability is caused by a failure to restrict the group_constrained channel flag to public and private channels that support group synchronization in Mattermost. This allows an ordinary group or direct message member to remove all participants from a conversation via the channel patch API. The affected versions are Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19. This issue can have significant operational impacts on organizations using affected Mattermost versions, as it could allow unauthorized modifications to channels.
Defensive priority
Medium-High
Recommended defensive actions
- Apply patches or updates provided by Mattermost to vulnerable versions.
- Restrict access to the channel patch API to authorized users.
- Monitor for suspicious activity related to channel modifications.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-13T09:16:22.447Z and has not been modified since then. The NVD entry is currently in the 'Received' status. This information is based on the provided source corpus and may not reflect the current status of the vulnerability. Users should verify the information with the official sources for the most up-to-date details. The evidence is limited, and defenders should verify the affected scope and vendor guidance.
Official resources
-
CVE-2026-10085 CVE record
CVE.org
-
CVE-2026-10085 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T09:16:22.447Z and has not been modified since then. The NVD entry is currently in the 'Received' status.