{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22892", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-01-15T11:34:00.188Z", "datePublished": "2026-02-13T10:29:00.943Z", "dateUpdated": "2026-02-13T17:03:30.894Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.1.2", "status": "affected", "version": "11.1.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.9", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"lessThanOrEqual": "11.2.1", "status": "affected", "version": "11.2.0", "versionType": "semver"}, {"version": "11.3.0", "status": "unaffected"}, {"version": "11.1.3", "status": "unaffected"}, {"version": "10.11.10", "status": "unaffected"}, {"version": "11.2.2", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM", "baseScore": 4.3}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00550", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.3.0, 11.1.3, 10.11.10, 11.2.2 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00550", "defect": ["https://mattermost.atlassian.net/browse/MM-66325"], "discovery": "{\"self\"=>\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=>\"Internal\", \"id\"=>\"10557\"}"}, "title": "Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-02-13T10:29:00.943Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T17:03:09.966734Z", "id": "CVE-2026-22892", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T17:03:30.894Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22892", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-01-15T11:34:00.188Z", "datePublished": "2026-02-13T10:29:00.943Z", "dateUpdated": "2026-02-13T17:03:30.894Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.1.2", "status": "affected", "version": "11.1.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.9", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"lessThanOrEqual": "11.2.1", "status": "affected", "version": "11.2.0", "versionType": "semver"}, {"version": "11.3.0", "status": "unaffected"}, {"version": "11.1.3", "status": "unaffected"}, {"version": "10.11.10", "status": "unaffected"}, {"version": "11.2.2", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM", "baseScore": 4.3}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00550", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.3.0, 11.1.3, 10.11.10, 11.2.2 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00550", "defect": ["https://mattermost.atlassian.net/browse/MM-66325"], "discovery": "{\"self\"=>\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=>\"Internal\", \"id\"=>\"10557\"}"}, "title": "Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-02-13T10:29:00.943Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22892", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-13T17:03:09.966734Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T17:03:16.680Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "92B0F8BD-06A1-4B39-95C5-4FB5A195F1C4", "versionEndExcluding": "10.11.10", "versionStartIncluding": "10.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0910E4A8-6DBD-407F-B262-38E4DE9657D2", "versionEndExcluding": "11.1.3", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D98EAFB2-8055-4893-835B-30A99ED97892", "versionEndExcluding": "11.2.2", "versionStartIncluding": "11.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550"}], "id": "CVE-2026-22892", "lastModified": "2026-02-18T21:34:16.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-02-13T11:16:10.693", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.1.0,11.1.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.11.0,10.11.9]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.1]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.3.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.1.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.2.2"}}], "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-04-17T19:54:23.477316+00:00", "value": {"mitigation_remediation": ["Update Mattermost to version 11.3.0, 11.1.3, 10.11.10, 11.2.2 or newer as per the vendor advisory", "Restrict Jira plugin permissions so that only authorized roles can invoke the /create-issue endpoint", "If the plugin is not required for your environment, consider disabling it entirely or restricting its endpoints through network firewalls or application\u2011level controls"], "summary": {"action": "Apply Patch", "impact": "Unauthorized reading of restricted Mattermost post content and attachments via the Jira plugin"}, "threat_synthesis": {"affected_systems": "Versions of Mattermost Mattermost Server 10.11.x up to 10.11.9, 11.1.x up to 11.1.2, and 11.2.x up to 11.2.1 are impacted. Users running these releases are vulnerable to the confidentiality breach described above.", "description_and_impact": "Mattermost versions before 11.1.3, 10.11.10, and 11.2.2 incorrectly ignore permission checks while creating Jira issues, enabling an authenticated user who can access the Jira plugin to retrieve the full content and attachments of any post the user otherwise cannot see. This privilege escalation flaw stems from inadequate authorization controls (CWE\u2011863). The resulting leakage can expose sensitive information to unauthorized personnel or systems.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 4.3, indicating moderate severity. The EPSS score is < 1%, suggesting a low probability of exploitation in the near term. It does not currently appear in the CISA KEV catalog. Exploitation requires an authenticated attacker with access to the Jira plugin, typically through legitimate plugin use or via compromised credentials. Without such access, the flaw remains unexploitable."}}}}, "created": "2026-02-13T21:28:43.971472+00:00", "updated": "2026-04-17T20:00:09.021627+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}