Package impact
Go / github.com/mattermost/mattermost/server/v8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6346 | high | 8.7 | 8.7 | 18d ago | Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation | |||
| CVE-2026-6334 | low | 3.8 | 3.8 | 18d ago | Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow |