{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26230", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-02-13T10:39:47.088Z", "datePublished": "2026-03-16T20:19:51.287Z", "dateUpdated": "2026-03-17T13:37:17.914Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.11.10", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"version": "11.4.0", "status": "unaffected"}, {"version": "10.11.11", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "hackit_bharat"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "baseSeverity": "LOW", "baseScore": 3.8}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00531", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.4.0, 10.11.11 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00531", "defect": ["https://mattermost.atlassian.net/browse/MM-66091"], "discovery": "EXTERNAL"}, "title": "Team Admin Privilege Escalation to Demote Members to Guest", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-16T20:19:51.287Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:37:10.650822Z", "id": "CVE-2026-26230", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:37:17.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26230", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T13:37:10.650822Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:37:14.472Z"}}], "cna": {"title": "Team Admin Privilege Escalation to Demote Members to Guest", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-66091"], "advisory": "MMSA-2025-00531", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "hackit_bharat"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.10"}, {"status": "unaffected", "version": "11.4.0"}, {"status": "unaffected", "version": "10.11.11"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 11.4.0, 10.11.11 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00531", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-16T20:19:51.287Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26230", "state": "PUBLISHED", "dateUpdated": "2026-03-17T13:37:17.914Z", "dateReserved": "2026-02-13T10:39:47.088Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-03-16T20:19:51.287Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E5F368-358C-429B-8F04-3C8DF4A71A91", "versionEndExcluding": "10.11.11", "versionStartIncluding": "10.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531"}], "id": "CVE-2026-26230", "lastModified": "2026-03-18T13:56:13.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-03-16T21:16:33.480", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.11.0,10.11.10]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.11"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-03-18T15:26:23.178260+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to upgrade Mattermost Server to version 10.11.11 or newer, or to 11.4.0 or newer."], "summary": {"action": "Patch", "impact": "Unauthorized privilege downgrade by team administrators"}, "threat_synthesis": {"affected_systems": "The affected product is Mattermost Server. Version 10.11.0 through 10.11.10 are impacted. The vendor\u2019s advisory recommends upgrading to 10.11.11 or newer, or to 11.4.0 or newer. No other vendors or product lines are listed in the data.", "description_and_impact": "Mattermost server versions 10.11.x up to 10.11.10 contain a flaw where the team member roles API endpoint does not properly enforce permission checks. This allows a user who holds a team administrator role to issue API calls that demote any team member to the Guest role. The primary impact is a unilateral reduction of a member\u2019s privileges, potentially disrupting collaboration and workflow. The vulnerability is related to CWE-863, reflecting improper authorization control over role assignment.", "risk_and_exploitability": "The CVSS score is 3.8, indicating moderate severity. The EPSS score is below 1%, suggesting a low probability of exploitation. The issue is not listed in the CISA KEV catalog, implying it has not been observed in high-profile exploitation. Exploitation requires authenticated access with team administrator privileges; an authenticated attacker can simply call the API endpoint with the appropriate parameters to demote a member to Guest. The attack vector is therefore internal by authorized users, and the risk is moderate due to the limited impact of privilege reduction and low external exploitability."}}}}, "created": "2026-03-17T09:52:08.797235+00:00", "updated": "2026-03-24T10:49:48.247461+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}