Package impact
Go / github.com/mattermost/mattermost-server
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6346 | high | 8.7 | 8.7 | | | | 17d ago | Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation |
| CVE-2026-6347 | high | 7.6 | 7.6 | | | | 17d ago | Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin |
| CVE-2026-6334 | low | 3.8 | 3.8 | | | | 17d ago | Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow |
| CVE-2026-27769 | low | — | 2.5 | | | | 2mo ago | Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace |
| CVE-2021-37860 | low | — | 2.5 | | | | 5y ago | Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server |