CVE-2026-6346 · HIGH 8.7 · EPSS p20.5%

Description

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in plaintext via downloading a support packet from the System Console. Mattermost Advisory ID: MMSA-2026-00607

Scoring

CVSS 3.1: 8.7 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.29% probability of exploitation · percentile 20.5% · 2026-06-19T12:03:05Z
Published: 2026-05-18
Last modified: 2026-05-18

Underlying weaknesses · 1

CWE-200

References

  1. https://mattermost.com/security-updates

Type | Target | Confidence | Tier
Weakness | Exposure of Sensitive Information to an Unauthorized Actor cwe-200 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-3108
CVE-2026-3524
CVE-2026-28741
CVE-2026-3116
CVE-2026-2454
CVE-2026-6957

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.