PatchSiren cyber security CVE debrief
CVE-2026-6517 Mattermost CVE debrief
CVE-2026-6517 is a medium-severity vulnerability in the Mattermost Desktop App. Versions <=6.1 5.5.13.0 (as listed in the record) fail to restrict the allow list of domains to which NTLM credentials are forwarded. On a server that does not have the image proxy enabled, any user can capture other users' NTLM credentials by posting a message that embeds an image hosted on a web server they control: the desktop app fetches the image directly from that host, and when the host answers with an NTLM authentication challenge the app completes the exchange with the user's credentials. The vulnerability has a CVSS score of 6.3 and was published on 2026-06-15.
- Vendor
- Mattermost
- Product
- Mattermost Desktop App
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Mattermost Desktop App versions <=6.1 5.5.13.0 should update to a patched version to prevent credential capture. Administrators of Mattermost servers used from the desktop app should also enable the image proxy, since the exposure only exists where clients fetch embedded images directly from external hosts.
Technical summary
The Mattermost Desktop App did not restrict the domains to which it would forward NTLM credentials. When a message embeds an image, the app fetches it directly from the host named in the URL; if that host answers with an NTLM authentication challenge (an HTTP 401 carrying WWW-Authenticate: NTLM), the app completes the NTLM exchange with the user's credentials. An attacker who can post a message, which is any user of the server, can therefore point an image at a web server they control and collect the NTLM challenge responses of every user whose desktop app renders that message. A captured NTLM response is derived from the victim's password hash rather than being the password itself, but it can be cracked offline or relayed to other services that accept NTLM. The server-side image proxy removes the direct fetch, which is why the issue is only exploitable on servers with the proxy disabled.
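The following is an added example, not Mattermost's code. It models the two halves of the issue described above: the allow-list decision that a hardened desktop client makes before answering an NTLM challenge (with the unrestricted behaviour beside it for contrast), and what an attacker-controlled image host learns from the NTLM Type 3 (AUTHENTICATE) message a vulnerable client sends back. The hostnames, user names and the sample NTLM message are constructed for this example; the field offsets follow the MS-NLMP AUTHENTICATE_MESSAGE layout.

```python
# Added example, not Mattermost's code. Models the NTLM credential leak
# described above: the allow-list check that closes it, and what the
# attacker's image host can read out of a leaked Type 3 message.
# Hostnames, user names and the NTLM message below are constructed.
import base64
import struct
from urllib.parse import urlsplit

NTLMSSP = b"NTLMSSP\x00"          # signature present on every NTLM message
NEGOTIATE_UNICODE = 0x00000001    # flag: string fields are UTF-16LE


def forward_ntlm_unrestricted(request_url: str) -> bool:
    """Vulnerable policy: answer any HTTP(S) host's NTLM challenge."""
    return urlsplit(request_url).scheme in ("http", "https")


def should_forward_ntlm(request_url: str, allowed_origins: list[str]) -> bool:
    """Hardened policy: forward NTLM only to an allow-listed origin.

    allowed_origins holds the configured server URLs (scheme://host[:port]).
    A request matches when scheme and port agree and its host is the
    allow-listed host or a subdomain of it (a suffix match on a label
    boundary, so chat.example.com.attacker.example does not match).
    """
    req = urlsplit(request_url)
    if not req.hostname:
        return False
    for origin in allowed_origins:
        o = urlsplit(origin)
        if not o.hostname or o.scheme != req.scheme:
            continue
        host, req_host = o.hostname.lower(), req.hostname.lower()
        default = 443 if o.scheme == "https" else 80
        if (o.port or default) != (req.port or default):
            continue
        if req_host == host or req_host.endswith("." + host):
            return True
    return False


def _field(msg: bytes, offset: int) -> bytes:
    """Read an MS-NLMP (Len, MaxLen, BufferOffset) descriptor and its payload."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, offset)
    return msg[start:start + length]


def parse_ntlm_authenticate(authorization_header: str) -> dict:
    """What the attacker's image host learns from a leaked Type 3 message.

    Descriptors sit at fixed offsets in AUTHENTICATE_MESSAGE: LM response 12,
    NT response 20, domain 28, user 36, workstation 44, flags at 60.
    """
    scheme, _, b64 = authorization_header.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(b64)
    if msg[:8] != NTLMSSP or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE_MESSAGE")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        # NTLMv2 response: crackable offline against the user's password hash
        "nt_response": _field(msg, 20).hex(),
    }


def build_sample_authenticate(domain: str, user: str, workstation: str,
                              nt_response: bytes) -> str:
    """Construct a Type 3 message as a client would send it (test data only).

    Returns the Authorization header value. Version and MIC are zeroed here;
    a real client fills them in. Payload begins at offset 88.
    """
    payload = b""
    descriptors = []
    for item in (b"", nt_response, domain.encode("utf-16-le"),
                 user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""):
        descriptors.append((len(item), 88 + len(payload)))
        payload += item
    header = NTLMSSP + struct.pack("<I", 3)
    for length, start in descriptors:
        header += struct.pack("<HHI", length, length, start)
    header += struct.pack("<I", NEGOTIATE_UNICODE) + bytes(8) + bytes(16)
    return "NTLM " + base64.b64encode(header + payload).decode()


if __name__ == "__main__":
    allow = ["https://chat.example.com"]
    for url in ("https://chat.example.com/api/v4/files/abc123",
                "https://attacker.example/pixel.png"):
        print(url, forward_ntlm_unrestricted(url), should_forward_ntlm(url, allow))
    leaked = build_sample_authenticate("CORP", "alice", "WS01", bytes(range(24)))
    print(parse_ntlm_authenticate(leaked))
```

The attacker's side needs nothing more than a web server that answers the image request with a 401 and a WWW-Authenticate: NTLM header, then stores the Authorization header the client sends; parse_ntlm_authenticate shows that the stored value already carries the domain, user name, workstation and the NTLMv2 response. A detection rule on the client or proxy side can be built from the same observation: an outbound Authorization: NTLM header to a host that is not a configured Mattermost server is the signal.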
Defensive priority
medium
Recommended defensive actions
- Update the Mattermost Desktop App to a release later than the affected versions named in the record (<=6.1 5.5.13.0)
- Enable the image proxy on Mattermost servers so that clients fetch embedded images through the server instead of connecting to the external host named in the image URL
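As an added example (not Mattermost's code), the check below audits a server's config.json for the image proxy setting recommended above and shows the corrected configuration beside the weak one. It assumes the ImageProxySettings and ServiceSettings keys as they appear in Mattermost's config.json and the local proxy route /api/v4/image?url=... as I recall it from Mattermost's documentation; treat both as assumptions and verify against your server version. The sample configuration is constructed.

```python
# Added example, not Mattermost's code. Audits a Mattermost config.json for
# the image proxy and shows the URL a client fetches once the local proxy
# is on. Assumed: the ImageProxySettings/ServiceSettings keys and the
# /api/v4/image?url= route (from Mattermost docs as recalled; verify).
# The sample config is constructed.
import json
from urllib.parse import quote

SAMPLE_CONFIG = json.dumps({
    "ServiceSettings": {"SiteURL": "https://chat.example.com"},
    "ImageProxySettings": {
        "Enable": False,            # weak setting: clients fetch images directly
        "ImageProxyType": "local",
        "RemoteImageProxyURL": "",
        "RemoteImageProxyOptions": "",
    },
})


def audit_image_proxy(config_text: str) -> list[str]:
    """Return findings for the image proxy configuration (empty list = OK)."""
    cfg = json.loads(config_text)
    proxy = cfg.get("ImageProxySettings", {})
    site_url = cfg.get("ServiceSettings", {}).get("SiteURL", "")
    findings = []
    if not proxy.get("Enable"):
        findings.append("ImageProxySettings.Enable is false: desktop clients "
                        "fetch embedded images directly from external hosts")
    ptype = proxy.get("ImageProxyType", "")
    if ptype not in ("local", "atmos/camo"):
        findings.append(f"ImageProxyType {ptype!r} is not local or atmos/camo")
    if ptype == "local" and not site_url:
        findings.append("local proxy needs ServiceSettings.SiteURL")
    if ptype == "atmos/camo":
        if not proxy.get("RemoteImageProxyURL"):
            findings.append("atmos/camo proxy needs RemoteImageProxyURL")
        if not proxy.get("RemoteImageProxyOptions"):
            findings.append("atmos/camo proxy needs RemoteImageProxyOptions (shared key)")
    return findings


def enable_local_image_proxy(config_text: str) -> str:
    """Corrected config: local proxy on, images served from the site's own origin."""
    cfg = json.loads(config_text)
    cfg.setdefault("ImageProxySettings", {}).update(
        {"Enable": True, "ImageProxyType": "local"})
    return json.dumps(cfg, indent=2)


def proxied_image_url(site_url: str, image_url: str) -> str:
    """URL the client fetches with the local proxy on (assumed route).

    The desktop app now connects only to site_url, so an attacker's host
    never sees the client and never gets to issue an NTLM challenge to it.
    """
    return site_url.rstrip("/") + "/api/v4/image?url=" + quote(image_url, safe="")


if __name__ == "__main__":
    print(audit_image_proxy(SAMPLE_CONFIG))
    fixed = enable_local_image_proxy(SAMPLE_CONFIG)
    print(audit_image_proxy(fixed))
    print(proxied_image_url("https://chat.example.com",
                            "https://attacker.example/pixel.png"))
```

The proxy is a server-side mitigation and does not replace the desktop update: a client that still forwards NTLM to any origin remains exposed through any other path that makes it fetch an attacker-chosen URL, so both recommended actions apply.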
Evidence notes
The CVE was published on 2026-06-15 and has a CVSS score of 6.3. The stored record credits the reporter by an email address only, which is redacted in the source.
Official resources
- CVE-2026-6517 CVE record (CVE.org)
- CVE-2026-6517 NVD detail (NVD)
- Source item: nvd_modified
- Source reference
CVE-2026-6517 was published on 2026-06-15T14:16:37.910Z with a CVSS score of 6.3. Mattermost has provided security updates on their website ([ref-4]). Users should update to a patched version of the Mattermost Desktop App to prevent this 6