Q: What is the authoritative source for CVE-2026-4858?

CVE-2026-4858 (CVE-2026-4858) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

Q: How severe is CVE-2026-4858?

CVE-2026-4858 carries a CRITICAL CVSS 9.9 severity rating.

Question 1

What is CVE-2026-4858 — CVE-2026-4858?

Accepted Answer

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action U…

Question 2

What is the authoritative source for CVE-2026-4858?

Accepted Answer

CVE-2026-4858 (CVE-2026-4858) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

Question 3

How severe is CVE-2026-4858?

Accepted Answer

CVE-2026-4858 carries a CRITICAL CVSS 9.9 severity rating.

CVSS 3.1	9.9 (CRITICAL)
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS	0.25% probability of exploitation · percentile 16.0% · 2026-06-19T12:03:05Z
Published	2026-05-21
Last modified	2026-05-21

CVE-2026-4858CVE-2026-4858

Description

Scoring

Underlying weaknesses· 1

References

1

Related by meaning· 6