Description
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition, which allows an attacker with access to edit some site configuration to execute malicious code by injecting JS as part of those values. Mattermost Advisory ID: MMSA-2026-00622
Published: 2026-05-18
Score: 3.8 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises because certain site configuration variables are not properly escaped when error pages are composed. If a configured value contains JavaScript, it is written into the page unmodified, and the script runs in the browser context of any user who views the error page. This is a classic client-side XSS (CWE-79), which can lead to credential theft, defacement, or session hijacking for users who view the error page.
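The pattern described above, as an added example that is not Mattermost's own code: a configuration value interpolated into an error-page template without escaping, beside the hardened form that uses Go's contextual html/template escaper. The type, field and function names and the sample value are constructed for the illustration.

```go
package main

import (
	"fmt"
	htmltemplate "html/template"
	"strings"
	texttemplate "text/template"
)

// ErrorPageData stands in for values an error page pulls from site
// configuration (constructed field names, not Mattermost's own).
type ErrorPageData struct {
	SiteName string
	Message  string
}

// Constructed error-page markup; both renderers below parse the same source.
const errorPage = `<html><body><h1>{{.SiteName}}</h1><p>{{.Message}}</p></body></html>`

// renderUnescaped reproduces the weak pattern: text/template performs no
// contextual escaping, so a configuration value lands in the HTML verbatim.
func renderUnescaped(d ErrorPageData) (string, error) {
	var b strings.Builder
	err := texttemplate.Must(texttemplate.New("err").Parse(errorPage)).Execute(&b, d)
	return b.String(), err
}

// renderEscaped is the hardened form: html/template escapes each value for
// the context it appears in, so markup inside SiteName becomes inert text.
func renderEscaped(d ErrorPageData) (string, error) {
	var b strings.Builder
	err := htmltemplate.Must(htmltemplate.New("err").Parse(errorPage)).Execute(&b, d)
	return b.String(), err
}

// containsRawScript is the check a regression test would run on rendered output.
func containsRawScript(page string) bool {
	return strings.Contains(strings.ToLower(page), "<script")
}

// sampleData is a constructed site name carrying markup, the kind of value
// only an administrator with configuration access could set.
func sampleData() ErrorPageData {
	return ErrorPageData{SiteName: "Chat <script>alert(1)</script>", Message: "Something went wrong."}
}

func main() {
	raw, _ := renderUnescaped(sampleData())
	safe, _ := renderEscaped(sampleData())
	fmt.Printf("text/template leaks script: %v, html/template leaks script: %v\n", containsRawScript(raw), containsRawScript(safe))
}
```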

Affected Systems

Mattermost (vendor: Mattermost) is affected. Versions 11.5.x up to and including 11.5.1, and 10.11.x up to and including 10.11.13 contain the flaw. The issue is fixed in versions 11.6.0, 11.5.2, and 10.11.14 or later.

Risk and Exploitability

The CVSS score is 3.8, indicating low overall severity, and no EPSS score is available. The vulnerability is not listed in the CISA KEV catalog. The attack requires an attacker who can already edit site configuration settings (reflected in the CVSS vector as PR:H), a capability typically reserved for privileged users. Once configuration values are altered to contain JavaScript, any user who triggers the error page will have the code executed in their browser.

Generated by OpenCVE AI on May 18, 2026 at 09:21 UTC.

Remediation

Vendor Solution

Update Mattermost to versions 11.6.0, 11.5.2, 10.11.14 or higher.


OpenCVE Recommended Actions

  • Apply the vendor patch by upgrading to Mattermost 11.6.0, 11.5.2, 10.11.14 or later.
  • If an immediate update is not feasible, restrict or remove the configuration settings that may contain user‑supplied values or reset them to safe defaults.
  • Deploy a strong content security policy to limit script execution in the error page context.
  • Audit recent configuration changes for suspicious or injected code and remediate promptly.


History

Mon, 18 May 2026 10:15:00 +0000

Type                 Values Removed    Values Added
First Time appeared                    Mattermost
                                       Mattermost mattermost
Vendors & Products                     Mattermost
                                       Mattermost mattermost

Mon, 18 May 2026 08:00:00 +0000

Type          Values Removed    Values Added
Description                     Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition, which allows an attacker with access to edit some site configuration to execute malicious code by injecting JS as part of those values. Mattermost Advisory ID: MMSA-2026-00622
Title                           Unescaped variables during error page composition
Weaknesses                      CWE-79
References
Metrics                         cvssV3_1: score 3.8, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N


MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2026-05-18T06:58:29.673Z

Reserved: 2026-03-03T17:33:56.666Z

Link: CVE-2026-3495

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-18T08:16:13.900

Modified: 2026-05-18T08:16:13.900

Link: CVE-2026-3495

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T10:00:12Z

Weaknesses