PatchSiren cyber security CVE debrief
CVE-2026-6541 Mattermost CVE debrief
CVE-2026-6541 is a vulnerability in Mattermost that allows an authenticated user with team access to alter another user's playbook metric settings via a crafted import or update request with a foreign metric ID. Affected versions include 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19. The vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. There is no evidence of exploitation in the wild, but defenders should verify their installations and apply patches or updates as necessary.
- Vendor
- Mattermost
- Product
- Unknown
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19 should be aware of this vulnerability and take steps to mitigate it. This includes verifying their installations, applying patches or updates, and monitoring for suspicious activity related to playbook metric configuration changes.
Technical summary
The vulnerability in Mattermost, tracked as CVE-2026-6541, is caused by a failure to restrict metric configuration changes to the playbook being saved. This allows an authenticated user with team access to alter another user's playbook metric settings via a crafted import or update request with a foreign metric ID. The vulnerability affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19. To mitigate this vulnerability, defenders should verify their installations, apply patches or updates, and monitor for suspicious activity related to playbook metric configuration changes. Additionally, implementing compensating controls, such as restricting access to playbook metric configuration, and reviewing incident response plans can help reduce the risk associated with this vulnerability.
Defensive priority
Medium
Recommended defensive actions
- Inventory and verify Mattermost installations to identify those that are vulnerable.
- Apply vendor patches or updates to vulnerable Mattermost installations.
- Monitor for suspicious activity related to playbook metric configuration changes.
- Implement compensating controls, such as restricting access to playbook metric configuration.
- Review and update incident response plans to include procedures for responding to potential exploitation of this vulnerability.
- Conduct regular security audits to identify and address potential vulnerabilities in Mattermost installations.
- Provide training to users on the risks associated with this vulnerability and the importance of reporting suspicious activity.
Evidence notes
The CVE record was published on 2026-07-13T11:16:28.080Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The vulnerability affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19. There is no evidence of exploitation in the wild, but defenders should verify their installations and apply patches or updates as necessary.
Official resources
-
CVE-2026-6541 CVE record
CVE.org
-
CVE-2026-6541 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T11:16:28.080Z and has not been modified since then. The NVD entry is currently in the 'Received' status.