PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-6345 Mattermost CVE debrief

CVE-2026-6345 describes a Mattermost Server issue where created user passwords were not adequately protected from disclosure. According to the vendor and NVD, a malicious attacker with sufficient privileges could use exposed passwords to impersonate a user. The issue is rated medium severity with high confidentiality and integrity impact.

Vendor
Mattermost
Product
Mattermost Server
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-18
Original CVE updated
2026-05-18
Advisory published
2026-05-18
Advisory updated
2026-05-18

Who should care

Organizations running Mattermost Server, especially versions 10.11.0-10.11.13, 11.4.0-11.4.3, or 11.5.0-11.5.1. Security teams should pay attention because the issue affects credentials and can enable user impersonation if a privileged attacker can access the disclosed passwords.

Technical summary

NVD maps CVE-2026-6345 to CWE-522 and assigns CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, indicating a network-reachable issue requiring high privileges, with no user interaction, and significant confidentiality and integrity impact. The vulnerable Mattermost Server ranges listed in NVD are 10.11.0 through 10.11.13, 11.4.0 through 11.4.3, and 11.5.0 through 11.5.1. The core problem is a failure to prevent disclosure of created user passwords, which can be used for impersonation.

Defensive priority

Medium priority: patch affected Mattermost Server instances promptly. The PR:H component of the CVSS vector means the attacker must already hold high privileges on the server, so the realistic scenario is a compromised or abusive privileged account rather than an unauthenticated remote attacker; treat the issue as more urgent where such privileges are widely held or shared, or where highly sensitive user accounts are in scope.

Recommended defensive actions

  • Upgrade Mattermost Server to a release outside the affected ranges: 10.11.14 or later, 11.4.4 or later, or 11.5.2 or later. These are the first releases past each NVD range; confirm the exact fixed builds against the vendor advisory before rolling out.
  • Review the Mattermost security updates advisory for vendor guidance and any release-specific remediation notes.
  • If exposure is suspected, rotate the affected passwords and revoke active sessions and any tokens issued while those passwords were valid. Because the flaw concerns the passwords of created users, start with accounts that were created while a vulnerable version was in service.
  • Audit privileged user activity around the disclosure window for signs of impersonation or unusual authentication behavior.
  • Apply least-privilege controls and restrict access to privileged Mattermost accounts to reduce the impact of credential disclosure issues.
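To turn the NVD version ranges and the upgrade step above into something an inventory check can run, here is an added example written for this debrief; it is not code from Mattermost or from the NVD record. It assumes an inventory keyed by hostname with one version string per host; the hostnames, the version strings and the shape of the `X-Version-Id` header are constructed assumptions, and the fixed versions are derived as the first patch past each NVD range, so confirm them against the vendor advisory.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the NVD record for CVE-2026-6345:
# (inclusive lower bound, inclusive upper bound) for each release branch.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((10, 11, 0), (10, 11, 13)),
    ((11, 4, 0), (11, 4, 3)),
    ((11, 5, 0), (11, 5, 1)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Return the first MAJOR.MINOR.PATCH triple found in ``text``.

    Accepts a bare version such as "11.4.2" as well as a longer string that
    begins with one. It is ASSUMED here that Mattermost's X-Version-Id
    response header starts with the server version; that assumption is not
    from the NVD record, so confirm it against your own deployment.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no MAJOR.MINOR.PATCH version in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def fixed_version_for(branch_upper: Version) -> Version:
    """First release past an affected range: the upper bound plus one patch level."""
    major, minor, patch = branch_upper
    return (major, minor, patch + 1)


def fmt(v: Version) -> str:
    return ".".join(str(x) for x in v)


def assess(version_text: str) -> Dict[str, object]:
    """Classify one server version against the NVD ranges.

    status values:
      "affected" - inside a listed vulnerable range; upgrade to ``upgrade_to``
      "patched"  - same branch as a listed range, at or past the first fixed patch
      "unlisted" - not on a listed branch (older line or newer line); the NVD
                   record says nothing either way, so verify manually
    """
    v = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        same_branch = v[:2] == lo[:2]
        if lo <= v <= hi:
            return {"version": fmt(v), "status": "affected",
                    "upgrade_to": fmt(fixed_version_for(hi))}
        if same_branch and v > hi:
            return {"version": fmt(v), "status": "patched", "upgrade_to": None}
    return {"version": fmt(v), "status": "unlisted", "upgrade_to": None}


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts from a {hostname: version string} inventory by status."""
    groups: Dict[str, List[str]] = {"affected": [], "patched": [], "unlisted": []}
    for host, ver in sorted(inventory.items()):
        groups[str(assess(ver)["status"])].append(host)
    return groups


# Constructed sample inventory (not real hosts). The "chat-dr" entry mimics
# the assumed X-Version-Id header shape; the others are bare versions.
SAMPLE_INVENTORY = {
    "chat-prod-1": "11.4.2",
    "chat-prod-2": "11.4.4",
    "chat-dr": "10.11.13.10.11.13.0123456789abcdef.false",
    "chat-lab": "11.3.0",
    "chat-new": "11.6.0",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(host, assess(ver))
    print(triage(SAMPLE_INVENTORY))
```

The "unlisted" bucket is deliberately not called "safe": a 11.3.x or 11.6.x install falls outside every range NVD published, which is all the record supports, so those hosts go to a human rather than being closed out by the script.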

Evidence notes

The supplied NVD record marks the vulnerability as analyzed and lists vulnerable Mattermost Server ranges of 10.11.0-10.11.13, 11.4.0-11.4.3, and 11.5.0-11.5.1. NVD also records the vendor reference https://mattermost.com/security-updates and classifies the weakness as CWE-522. The CVSS vector supplied by NVD is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N. Published and modified timestamps in the supplied corpus are both 2026-05-18, with the modified timestamp later the same day.

Official resources

The CVE and NVD records in the supplied corpus were published on 2026-05-18 and modified later the same day. NVD cites Mattermost's security updates page as the vendor reference.