{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1046", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-01-16T16:24:48.693Z", "datePublished": "2026-02-16T12:10:38.668Z", "dateUpdated": "2026-02-17T17:05:58.569Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "6.2.0", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "5.2.13", "status": "affected", "version": "0", "versionType": "semver"}, {"version": "6.1.0", "status": "unaffected"}, {"version": "6.0.3.0", "status": "unaffected"}, {"version": "5.13.3.0", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "hackerman70000"}], "descriptions": [{"lang": "en", "value": "Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user\u2019s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L", "baseSeverity": "HIGH", "baseScore": 7.6}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-939: Improper Authorization in Handler for Custom URL Scheme", "cweId": "CWE-939"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00577", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost Desktop App to versions 6.1.0, 6.0.3.0, 5.13.3.0 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2026-00577", "defect": ["https://mattermost.atlassian.net/browse/MM-67103"], "discovery": "EXTERNAL"}, "title": "Arbitrary application execution via unvalidated server-controlled URLs in Help menu", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-02-16T12:10:38.668Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T16:42:12.292444Z", "id": "CVE-2026-1046", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T17:05:58.569Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1046", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T16:42:12.292444Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T16:42:13.057Z"}}], "cna": {"title": "Arbitrary application execution via unvalidated server-controlled URLs in Help menu", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-67103"], "advisory": "MMSA-2026-00577", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "hackerman70000"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.2.0"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.2.13"}, {"status": "unaffected", "version": "6.1.0"}, {"status": "unaffected", "version": "6.0.3.0"}, {"status": "unaffected", "version": "5.13.3.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost Desktop App to versions 6.1.0, 6.0.3.0, 5.13.3.0 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00577", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user\u2019s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-939", "description": "CWE-939: Improper Authorization in Handler for Custom URL Scheme"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-02-16T12:10:38.668Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1046", "state": "PUBLISHED", "dateUpdated": "2026-02-17T17:05:58.569Z", "dateReserved": "2026-01-16T16:24:48.693Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-02-16T12:10:38.668Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC95A24C-5114-4A60-A792-8785203293C2", "versionEndExcluding": "5.13.3", "versionStartIncluding": "5.13.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A567559-94D1-4F5E-9D34-1E8A441B6657", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user\u2019s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577"}, {"lang": "es", "value": "Las versiones &lt;=6.0 6.2.0 5.2.13.0 de la Aplicaci\u00f3n de escritorio Mattermost no validan los enlaces de ayuda, lo que permite que un servidor Mattermost malicioso ejecute ejecutables arbitrarios en el sistema de un usuario al hacer clic el usuario en ciertos elementos del men\u00fa de Ayuda. ID de aviso de Mattermost: MMSA-2026-00577"}], "id": "CVE-2026-1046", "lastModified": "2026-03-23T17:27:17.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-16T13:16:00.793", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-939"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.2.0]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.2.13]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "6.1.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "6.0.3.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "5.13.3.0"}}], "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-04-18T12:07:02.983688+00:00", "value": {"mitigation_remediation": ["Update Mattermost Desktop App to version 6.1.0, 6.0.3.0, 5.13.3.0, or any newer release.\n", "If an immediate patch is not feasible, disable the Help menu or block the opening of external links until a patched client is in use.\n", "Configure client or system policy to validate or strip untrusted help\u2011menu URLs before execution, ensuring only trusted protocols are allowed."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary code execution via unvalidated Help menu URLs"}, "threat_synthesis": {"affected_systems": "The affected vendor is Mattermost; the product is the Mattermost Desktop App. All releases through 6.0, including the 6.2.0 build, and the 5.2.13.0 build are vulnerable. The advisory recommends updating to any supported release of 6.1.0, 6.0.3.0, 5.13.3.0, or higher to remove the flaw.", "description_and_impact": "Mattermost Desktop App versions up to and including 6.0, 6.2.0, and 5.2.13.0 fail to validate links presented in the Help menu. A remote Mattermost server can publish a URL that, when a user clicks it, triggers the desktop client to execute an arbitrary local program. This flaw derives from CWE\u2011939, which describes untrusted input leading to arbitrary code execution. The consequence is that a malicious server can run any program on the client machine with the user\u2019s privileges, potentially compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS score of 7.6 indicates a high severity vulnerability. The EPSS score is below 1\u202f%, implying a very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring a compromised Mattermost server to embed a malicious help\u2011menu link. The user must click the link; no additional authentication or privilege escalation is necessary beyond the existing user session. If the link is triggered, any executable specified in the URL is launched with the client\u2019s user rights, providing the attacker full control over the affected machine."}}}}, "created": "2026-02-17T08:49:45.726442+00:00", "updated": "2026-04-18T12:15:15.778926+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}