Platform: mattermost
Component: mattermost
Fixed in: 10.11.13, 8.0.0-20260316060126-bc1a2b34b1f9
CVE-2026-27769 is a security vulnerability affecting Mattermost versions 10.11.0 through 11.5.0. This flaw allows a malicious remote server, connected via the Connected Workspaces feature, to modify the displayed status of local users. The vulnerability stems from insufficient validation of user ownership within the Connected Workspaces API, potentially leading to misleading user status information. An update to version 10.11.13 resolves this issue.
Mattermost has released security advisory MMSA-2026-00603 for CVE-2026-27769. This vulnerability affects Mattermost versions 10.11.x prior to 10.11.13. It allows a malicious remote server connected via the Connected Workspaces feature to modify the displayed status of local users. The flaw lies in inadequate validation that a user actually belongs to the Connected Workspace sending the update. This could result in the manipulation of user status information, potentially impacting perceptions of user availability and activity within the Mattermost platform. The severity of this vulnerability is rated as high, with a CVSS score of 2.7.
An attacker controlling a server connected via the Connected Workspaces feature could exploit this vulnerability by sending status-update requests to the Connected Workspaces API for local users, making them appear absent or available when they are not. This could be used to mislead other users, disrupt communication, or conceal malicious activity. Exploitation complexity is relatively low, requiring only access to a connected server and knowledge of the API. The likelihood of exploitation is moderate, depending on how widely the Connected Workspaces feature is used and on whether a connected server has been compromised.
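The ownership check the advisory describes, shown as an added Go example (not Mattermost's own code) with the flawed handler beside the corrected one. The User and StatusUpdate types, the RemoteID field and the "remote-a"/"remote-b" workspace ids are constructed for this illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// User is a constructed minimal record (not Mattermost's model.User). RemoteID is
// "" for locally owned users and the owning workspace id for synced users.
type User struct{ ID, RemoteID, Status string }

// StatusUpdate is a hypothetical message a connected workspace sends for its users.
type StatusUpdate struct{ UserID, Status string }

var ErrNotOwner = errors.New("sending workspace does not own this user")

// sampleUsers is constructed data: alice is local, bob is synced from "remote-a".
func sampleUsers() map[string]*User {
	return map[string]*User{
		"alice": {ID: "alice", Status: "online"},
		"bob":   {ID: "bob", RemoteID: "remote-a", Status: "online"},
	}
}

// applyStatusVulnerable mirrors the flaw: any connected workspace can set the
// status of any user, local users included.
func applyStatusVulnerable(users map[string]*User, fromRemote string, upd StatusUpdate) error {
	u, ok := users[upd.UserID]
	if !ok {
		return fmt.Errorf("unknown user %q", upd.UserID)
	}
	u.Status = upd.Status
	return nil
}

// applyStatusFixed accepts the update only when the sender owns the user;
// local users (empty RemoteID) can never be updated by a remote.
func applyStatusFixed(users map[string]*User, fromRemote string, upd StatusUpdate) error {
	u, ok := users[upd.UserID]
	if !ok {
		return fmt.Errorf("unknown user %q", upd.UserID)
	}
	if u.RemoteID == "" || u.RemoteID != fromRemote {
		return fmt.Errorf("%w: %q is owned by %q, update from %q",
			ErrNotOwner, upd.UserID, u.RemoteID, fromRemote)
	}
	u.Status = upd.Status
	return nil
}
```

The rejected update is the event worth logging and alerting on: a remote asserting status for a user it does not own.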
Exploit Status
EPSS: 0.03% (9th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to upgrade Mattermost to version 10.11.13 or later, which correctly validates user ownership in Connected Workspaces. Apply the upgrade as soon as possible to protect your Mattermost instance. Additionally, review your Connected Workspace configurations to ensure only trusted servers are connected, and monitor Mattermost logs for unusual activity involving the Connected Workspaces APIs. The upgrade is the most effective and recommended solution.
Upgrade Mattermost to version 10.11.13 or later to mitigate the vulnerability. This update corrects the missing validation of Connected Workspace membership, preventing manipulation of user status by malicious remote servers.
Connected Workspaces allow multiple Mattermost instances to communicate with each other, facilitating collaboration between different teams or departments.
You can verify your Mattermost version by accessing the system admin page. The version will be displayed in the system information section.
If you cannot upgrade immediately, consider restricting access to the Connected Workspaces API to only trusted servers.
There is no specific tool to detect this vulnerability. The best way to determine if you are vulnerable is to verify your Mattermost version.
You can find more information about this vulnerability in the Mattermost security advisory: MMSA-2026-00603.