{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27769", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-03-16T08:51:03.250Z", "datePublished": "2026-04-15T10:11:07.676Z", "dateUpdated": "2026-04-15T13:08:35.452Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.11.12", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"version": "11.5.0", "status": "unaffected"}, {"version": "10.11.13", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "daw10"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API.. Mattermost Advisory ID: MMSA-2026-00603"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW", "baseScore": 2.7}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862: Missing Authorization", "cweId": "CWE-862"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00603", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.5.0, 10.11.13 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2026-00603", "defect": ["https://mattermost.atlassian.net/browse/MM-67521"], "discovery": "EXTERNAL"}, "title": "Connected Workspaces: Malicious remote server can manipulate arbitrary user's status", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-04-15T10:11:07.676Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T13:08:29.628271Z", "id": "CVE-2026-27769", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:08:35.452Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27769", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T13:08:29.628271Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:08:32.237Z"}}], "cna": {"title": "Connected Workspaces: Malicious remote server can manipulate arbitrary user's status", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-67521"], "advisory": "MMSA-2026-00603", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "daw10"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.12"}, {"status": "unaffected", "version": "11.5.0"}, {"status": "unaffected", "version": "10.11.13"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 11.5.0, 10.11.13 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00603", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API.. Mattermost Advisory ID: MMSA-2026-00603"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-04-15T10:11:07.676Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27769", "state": "PUBLISHED", "dateUpdated": "2026-04-15T13:08:35.452Z", "dateReserved": "2026-03-16T08:51:03.250Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-04-15T10:11:07.676Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCC7A7BB-02AF-4CC9-9F33-8787C87B73F0", "versionEndExcluding": "10.11.13", "versionStartIncluding": "10.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API.. Mattermost Advisory ID: MMSA-2026-00603"}], "id": "CVE-2026-27769", "lastModified": "2026-04-22T19:43:52.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-04-15T11:16:33.017", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.11.0,10.11.12]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.5.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.13"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-04-15T11:53:50.660425+00:00", "value": {"mitigation_remediation": ["Upgrade Mattermost to 11.5.0, 10.11.13, or later versions.", "Disable or tightly restrict the Connected Workspaces feature until the patch is applied, ensuring that only trusted remote servers can register.", "Monitor Connected Workspaces API logs for unexpected status change requests and review the list of approved remote servers."], "summary": {"action": "Apply Patch", "impact": "Unauthorized status manipulation due to missing authorization checks"}, "threat_synthesis": {"affected_systems": "The affected software is Mattermost. Vulnerable versions are 10.11.0 through 10.11.12. Updated releases 10.11.13 or later, and any 11.5.0 or newer, contain the fix.", "description_and_impact": "Mattermost versions 10.11.x through 10.11.12 do not confirm that users belong to the Connected Workspace that owns them. This oversight allows a malicious remote server that has been provisioned to connect to the target via the Connected Workspaces feature to send API calls that change the displayed status of local users. The impact is a compromise of the integrity of user status information; confidentiality and code execution are not affected by this flaw. The potential for social\u2011engineering attacks is inferred from the ability to alter user status, but the CVE description does not explicitly state that such attacks are feasible.", "risk_and_exploitability": "The CVSS score of 2.7 indicates low severity. No EPSS data is available, and the flaw is not listed in the CISA KEV catalog. The attack requires a malicious remote server that has been provisioned to connect to the target through the Connected Workspaces API; no privileged local user or local code execution is necessary. Because the flaw permits only status modification, the operational impact is limited, and exploitation is unlikely to lead to broader system compromise."}}}}, "created": "2026-04-15T13:44:47.517331+00:00", "updated": "2026-04-15T13:49:14.856099+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}