CVE-2026-3524: Mattermost Legal Hold Plugin Auth Bypass (HIGH)
Platform: mattermost
Component: legal-hold
Fixed in: 1.1.5
CVE-2026-3524 is a security vulnerability affecting the Mattermost Legal Hold Plugin. It involves a failure to properly halt request processing after an authorization check, enabling an authenticated attacker to bypass security measures. This can lead to unauthorized access, creation, download, and deletion of sensitive legal hold data. The vulnerability impacts versions 0.0.0 through 1.1.4, but a patch is available in version 1.1.5.
How to fix
Upgrade the Mattermost Legal Hold Plugin to version 1.1.5 or later, which contains the fix.
Frequently Asked Questions
What is CVE-2026-3524?
CVE-2026-3524 is a vulnerability in the Mattermost Legal Hold Plugin where an authenticated attacker can access, create, download, and delete legal hold data due to a flaw in authorization handling. This bypasses intended security controls.
Am I affected by CVE-2026-3524?
You are affected if you are using the Mattermost Legal Hold Plugin versions 0.0.0 through 1.1.4. Instances running versions prior to 1.1.5 are vulnerable to this authorization bypass.
How do I fix CVE-2026-3524?
Upgrade the Mattermost Legal Hold Plugin to version 1.1.5 or later to address this vulnerability. This update includes the necessary fix to properly handle authorization checks and prevent unauthorized data access.