{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3112", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-02-24T10:55:16.031Z", "datePublished": "2026-03-26T16:29:54.399Z", "dateUpdated": "2026-03-26T16:51:15.488Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.4.0", "status": "affected", "version": "11.4.0", "versionType": "semver"}, {"lessThanOrEqual": "11.3.1", "status": "affected", "version": "11.3.0", "versionType": "semver"}, {"lessThanOrEqual": "11.2.3", "status": "affected", "version": "11.2.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.11", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"version": "11.5.0", "status": "unaffected"}, {"version": "11.4.1", "status": "unaffected"}, {"version": "11.3.2", "status": "unaffected"}, {"version": "11.2.4", "status": "unaffected"}, {"version": "10.11.12", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "mufeedvh"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "baseSeverity": "MEDIUM", "baseScore": 6.8}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00562", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00562", "defect": ["https://mattermost.atlassian.net/browse/MM-66788"], "discovery": "EXTERNAL"}, "title": "Arbitrary File Read via Advanced Logging Support Packet", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:29:54.399Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T16:51:09.685515Z", "id": "CVE-2026-3112", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:51:15.488Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T16:51:09.685515Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T16:51:12.964Z"}}], "cna": {"title": "Arbitrary File Read via Advanced Logging Support Packet", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-66788"], "advisory": "MMSA-2025-00562", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "mufeedvh"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "11.4.0", "versionType": "semver", "lessThanOrEqual": "11.4.0"}, {"status": "affected", "version": "11.3.0", "versionType": "semver", "lessThanOrEqual": "11.3.1"}, {"status": "affected", "version": "11.2.0", "versionType": "semver", "lessThanOrEqual": "11.2.3"}, {"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.11"}, {"status": "unaffected", "version": "11.5.0"}, {"status": "unaffected", "version": "11.4.1"}, {"status": "unaffected", "version": "11.3.2"}, {"status": "unaffected", "version": "11.2.4"}, {"status": "unaffected", "version": "10.11.12"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00562", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:29:54.399Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3112", "state": "PUBLISHED", "dateUpdated": "2026-03-26T16:51:15.488Z", "dateReserved": "2026-02-24T10:55:16.031Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-03-26T16:29:54.399Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D144BD1D-F65C-498D-BC8A-F3D718F47F4B", "versionEndExcluding": "10.11.12", "versionStartIncluding": "10.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E3E9B61-F003-45E4-9A04-8015A5CB8558", "versionEndExcluding": "11.2.4", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "805ECFFC-82FD-4754-AF95-32167E1D41CB", "versionEndExcluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:11.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B6A1FE2-D980-4755-A838-190A53A4D62B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562"}, {"lang": "es", "value": "Las versiones de Mattermost 11.4.x &lt;= 11.4.0, 11.3.x &lt;= 11.3.1, 11.2.x &lt;= 11.2.3, 10.11.x &lt;= 10.11.11 no validan las rutas de destino de los archivos de Registro Avanzado, lo que permite a los administradores del sistema leer archivos de host arbitrarios a trav\u00e9s de una configuraci\u00f3n JSON de Registro Avanzado maliciosa en la generaci\u00f3n de paquetes de soporte. ID de Aviso de Mattermost: MMSA-2025-00562"}], "id": "CVE-2026-3112", "lastModified": "2026-03-30T19:42:39.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T17:16:42.123", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.4.0,11.4.0]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.3.0,11.3.0]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.0]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.11.0,10.11.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.5.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.3.2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.2.4"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.12"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-03-30T20:29:50.604826+00:00", "value": {"mitigation_remediation": ["Upgrade Mattermost to a fixed release \u2013 at least v11.5.0, 11.4.1, 11.3.2, 11.2.4, or 10.11.12 or later."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "Vulnerable Mattermost installations include server releases in the 11.4.x, 11.3.x, 11.2.x, and 10.11.x series with affected build numbers up to 11.4.0, 11.3.1, 11.2.3, and 10.11.11 respectively. Administrators using these versions should check their deployment against the affected builds and plan an update accordingly.", "description_and_impact": "Mattermost server versions up to 11.4.0, 11.3.1, 11.2.3, and 10.11.11 allow a constructed AdvancedLoggingJSON configuration to specify any file target path during support packet generation. The application does not validate these paths, enabling an attacker to read arbitrary files on the host. The resulting confidentiality breach can expose system credentials, configuration files, or other sensitive information, potentially compromising the entire host environment if the attacker can execute additional actions.", "risk_and_exploitability": "The CVSS base score of 6.8 reflects medium severity with a moderate impact on confidentiality. An EPSS score below 1% indicates a low probability of widespread exploitation at present, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires control over the Advanced Logging configuration, which is typically limited to administrators or privileged users. Without such access, a public attacker is unlikely to exploit the flaw, but internal threats or compromised administrators pose a significant risk."}}}}, "created": "2026-03-27T08:33:52.122156+00:00", "updated": "2026-03-30T20:57:40.149816+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}