Platform
mattermost
Component
mattermost
Fixed in
10.11.13
11.5.1
11.4.3
11.3.3
8.0.0-20260220133927-c29cf05d40f8
CVE-2026-28741 is a Cross-Site Request Forgery (CSRF) vulnerability in Mattermost. It allows an attacker to change a user's authentication settings by luring that user, while logged in, to a web page the attacker controls. Affected are 10.11.x up to and including 10.11.12, 11.5.0, 11.4.x up to and including 11.4.2, and 11.3.x up to and including 11.3.2. Fixes are available in 10.11.13, 11.3.3, 11.4.3 and 11.5.1.
Successful exploitation of CVE-2026-28741 lets an attacker change a user's authentication method on a Mattermost instance. The root cause is a missing CSRF token check on an authentication endpoint: a request that carries the victim's session cookie is accepted even though the cross-site page that triggered it could not have supplied the CSRF token the Mattermost client normally sends with its own requests. The attacker therefore only needs a logged-in user to visit an attacker-controlled page that silently submits the request; the browser attaches the session cookie and the server applies the change. Because the authentication method decides how the account is logged into, a change of the attacker's choosing can end in account takeover, and if the victim is an administrator the attacker inherits whatever that account can do on the instance. The case is a reminder that every state-changing endpoint reachable with cookie authentication needs CSRF protection, not only the login flow itself.
CVE-2026-28741 was publicly disclosed on April 15, 2026, with the release of Mattermost advisory MMSA-2026-00625. There is no indication of active exploitation at this time, and the CVE is not listed in CISA's KEV catalog. The EPSS score is currently 0.02% (4th percentile), which is low but may rise if a public proof of concept appears. Monitor security advisories and threat-intelligence feeds for updates.
Organizations using Mattermost for team communication that run an affected release: 10.11.0 through 10.11.12, 11.3.0 through 11.3.2, 11.4.0 through 11.4.2, or 11.5.0. Instances with many users, in particular self-hosted deployments shared by several teams, offer a larger pool of targets: every logged-in user who can be lured to an attacker-controlled page is exposed, and an administrator account is the most valuable one to hit.
• linux / server:
journalctl -u mattermost -f | grep -i "csrf"
The server writes a warning when a CSRF check fails, so a burst of such entries against one account is worth a look. Note that before the fix the affected endpoint performed no check at all, so forged requests against it leave no such entry; the log is useful for spotting probing of other endpoints and for confirming the check is active after the upgrade.
• generic web (post-upgrade verification; the advisory does not name the endpoint path, so <auth_endpoint> is a placeholder, as are the method and session cookie):
curl -s -o /dev/null -w '%{http_code}\n' -X PUT "https://<mattermost_url>/<auth_endpoint>" -b "MMAUTHTOKEN=<session_cookie>" -H "Content-Type: application/json" -d '{}'
A cookie-authenticated request sent without an X-CSRF-Token header must be rejected (non-2xx) on a fixed release; if it is accepted, the instance is still vulnerable.
Disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-28741 is to upgrade Mattermost to a fixed release (10.11.13, 11.3.3, 11.4.3 or 11.5.1, or later in the respective line). If an immediate upgrade is not possible, restrict access to the affected authentication endpoint at the reverse proxy or network layer as a stopgap, for example by rejecting cookie-authenticated requests to it that carry no X-CSRF-Token header (the Mattermost web client sends one on its own requests). Content Security Policy headers on the Mattermost server do not help here: the forged request is issued from the attacker's own page, which the target server's CSP does not govern, and the browser attaches the victim's session cookie regardless. User awareness training against phishing and untrusted links lowers the chance that a logged-in user reaches such a page, but it is not a technical control. Monitor Mattermost logs for requests related to authentication settings; a precise detection signature is difficult to write, but any change of a user's authentication method that the user did not initiate should raise an alert. After upgrading, confirm the fix by replaying a cookie-authenticated request against the authentication endpoint without its CSRF token, for example from Burp Suite Repeater, and verifying that the server rejects it.
Update Mattermost to version 11.5.1 or later, 10.11.13 or later, 11.3.3 or later, or 11.4.3 or later to fix the vulnerability. The update adds the missing CSRF token validation to an authentication endpoint and thereby prevents CSRF attacks that could change a user's authentication method.
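The following is an added example and not Mattermost's code or anything from the advisory: a minimal cookie-authenticated "update authentication method" handler in its vulnerable form (a valid session cookie is all that is checked) beside a fixed form that applies the kind of check the update restores (the X-CSRF-Token header must match the CSRF token bound to the session). The cookie and header names follow Mattermost's conventions; the in-memory session store, the handler signatures and the sample requests are assumptions constructed for the demo. The simulate() driver plays one legitimate in-app request and one forged cross-site request against each handler; the forged request carries the cookies (the browser adds them) but no header (a cross-origin form post cannot set one).

```python
"""Added illustration of the CSRF gap (not Mattermost code).

Cookie and header names (MMAUTHTOKEN, MMCSRF, X-CSRF-Token) follow
Mattermost's conventions; everything else is a constructed stand-in.
"""
import secrets
from http.cookies import SimpleCookie

# Constructed in-memory session store: session token -> session record.
SESSIONS = {}


def login(user_id):
    """Simulate login: issue a session token and a CSRF token bound to it."""
    session = secrets.token_urlsafe(24)
    csrf = secrets.token_urlsafe(24)
    SESSIONS[session] = {"user_id": user_id, "csrf": csrf, "auth_service": "email"}
    return session, csrf


def _session_from_cookie(headers):
    """Resolve the session from the Cookie header, as a cookie-auth request would."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    morsel = jar.get("MMAUTHTOKEN")
    return SESSIONS.get(morsel.value) if morsel else None


def update_auth_vulnerable(headers, body):
    """Before the fix: a valid session cookie is all that is checked."""
    sess = _session_from_cookie(headers)
    if sess is None:
        return 401, "not authenticated"
    sess["auth_service"] = body["auth_service"]
    return 200, "ok"


def csrf_ok(headers, sess):
    """The header must be present and equal the session's CSRF token
    (constant-time comparison, so the check itself leaks nothing)."""
    sent = headers.get("X-CSRF-Token", "")
    return bool(sent) and secrets.compare_digest(sent, sess["csrf"])


def update_auth_fixed(headers, body):
    """After the fix: cookie auth additionally requires the CSRF token."""
    sess = _session_from_cookie(headers)
    if sess is None:
        return 401, "not authenticated"
    if not csrf_ok(headers, sess):
        return 403, "csrf check failed"
    sess["auth_service"] = body["auth_service"]
    return 200, "ok"


def simulate(handler):
    """Send one legitimate and one forged request to the handler; return
    both status codes and the auth method left on the victim's session."""
    session, csrf = login("victim")
    cookie = f"MMAUTHTOKEN={session}; MMCSRF={csrf}"
    # Legitimate in-app request: the client reads the MMCSRF cookie and
    # copies it into the header, something a page on another origin cannot do.
    legit = {"Cookie": cookie, "X-CSRF-Token": csrf}
    # Forged request from an attacker page: the browser attaches the cookies
    # automatically, but a cross-site form post carries no custom header.
    forged = {"Cookie": cookie}
    status_legit, _ = handler(legit, {"auth_service": "saml"})
    status_forged, _ = handler(forged, {"auth_service": "gitlab"})
    return status_legit, status_forged, SESSIONS[session]["auth_service"]


if __name__ == "__main__":
    print("vulnerable:", simulate(update_auth_vulnerable))  # (200, 200, 'gitlab')
    print("fixed:     ", simulate(update_auth_fixed))       # (200, 403, 'saml')
```

With the vulnerable handler the forged request succeeds and the victim's auth method ends up as the attacker's choice; with the fixed handler the legitimate request still succeeds while the forged one is refused and the method stays as the user set it. The same two requests, sent with curl or Burp Repeater against a real instance, are the post-upgrade verification described above.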
CVE-2026-28741 is a Cross-Site Request Forgery (CSRF) vulnerability in Mattermost that allows attackers to modify user authentication methods.
You are affected if you run Mattermost 10.11.0–10.11.12, 11.3.0–11.3.2, 11.4.0–11.4.2 or 11.5.0. Upgrade to 10.11.13, 11.3.3, 11.4.3 or 11.5.1 (or later in the respective line) to resolve the issue.
Upgrade Mattermost to a fixed release (11.5.1 or later, or the matching patch release of the 10.11, 11.3 or 11.4 line). If an immediate upgrade is not possible, restrict access to the affected authentication endpoint as a temporary workaround.
There is currently no indication of active exploitation of CVE-2026-28741.
Refer to the official Mattermost advisory: MMSA-2026-00625.