PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-6541 Mattermost CVE debrief

CVE-2026-6541 is a vulnerability in Mattermost that allows an authenticated user with team access to alter another user's playbook metric settings via a crafted import or update request with a foreign metric ID. Affected versions include 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19. The vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. There is no evidence of exploitation in the wild, but defenders should verify their installations and apply patches or updates as necessary.

Vendor
Mattermost
Product
Unknown
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19 should be aware of this vulnerability and take steps to mitigate it. This includes verifying their installations, applying patches or updates, and monitoring for suspicious activity related to playbook metric configuration changes.

Technical summary

The vulnerability in Mattermost, tracked as CVE-2026-6541, is caused by a failure to restrict metric configuration changes to the playbook being saved. This allows an authenticated user with team access to alter another user's playbook metric settings via a crafted import or update request with a foreign metric ID. The vulnerability affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19. To mitigate this vulnerability, defenders should verify their installations, apply patches or updates, and monitor for suspicious activity related to playbook metric configuration changes. Additionally, implementing compensating controls, such as restricting access to playbook metric configuration, and reviewing incident response plans can help reduce the risk associated with this vulnerability.

Defensive priority

Medium

Recommended defensive actions

  • Inventory and verify Mattermost installations to identify those that are vulnerable.
  • Apply vendor patches or updates to vulnerable Mattermost installations.
  • Monitor for suspicious activity related to playbook metric configuration changes.
  • Implement compensating controls, such as restricting access to playbook metric configuration.
  • Review and update incident response plans to include procedures for responding to potential exploitation of this vulnerability.
  • Conduct regular security audits to identify and address potential vulnerabilities in Mattermost installations.
  • Provide training to users on the risks associated with this vulnerability and the importance of reporting suspicious activity.

Evidence notes

The CVE record was published on 2026-07-13T11:16:28.080Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The vulnerability affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19. There is no evidence of exploitation in the wild, but defenders should verify their installations and apply patches or updates as necessary.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T11:16:28.080Z and has not been modified since then. The NVD entry is currently in the 'Received' status.