Platform: mattermost
Component: mattermost
Fixed in:
10.11.13
11.5.1
11.4.3
11.3.3
8.0.0-20260220133927-c29cf05d40f8
CVE-2026-28741 is a Cross-Site Request Forgery (CSRF) vulnerability in Mattermost. Because an authentication endpoint did not validate a CSRF token, an attacker who lures a logged-in user to a malicious webpage can make that user's browser submit a request, with the user's session cookie attached, that changes the user's authentication method. Affected versions are 10.11.x up to 10.11.12, 11.5.x up to 11.5.0, 11.4.x up to 11.4.2, and 11.3.x up to 11.3.2. Fixes are available in 10.11.13, 11.3.3, 11.4.3 and 11.5.1.
Successful exploitation of CVE-2026-28741 lets an attacker change the authentication method of a targeted Mattermost account without the account owner's consent. Depending on what the attacker can switch the method to, this can lead to takeover of the account and access to the channels and data it can reach. The blast radius is every user who can be lured to the attacker's page while holding an active Mattermost session; if an administrator is targeted, the whole deployment is at risk. The two preconditions, an active session and a visit to an attacker-controlled page, are exactly the ones a session cookie alone does not defend against, which is why every state-changing endpoint needs CSRF protection.
This vulnerability was publicly disclosed on 2026-04-15. No active exploitation has been reported and the CVE is not on the CISA KEV list. Its EPSS score is 0.02% (4th percentile), consistent with the need for user interaction and the straightforward fix. Refer to the official Mattermost advisory (MMSA-2026-00625) for further details.
Exploit Status
EPSS: 0.02% (4th percentile)
CISA SSVC: not provided
CVSS Vector: not provided
The primary mitigation for CVE-2026-28741 is to upgrade Mattermost to a fixed release: 10.11.13, 11.3.3, 11.4.3 or 11.5.1 or later. If immediate upgrading is not possible, reduce exposure at the edge: restrict access to the affected authentication endpoint to trusted networks, or have your reverse proxy or WAF reject state-changing requests to it whose Origin or Referer header is not your Mattermost site URL. Generic input validation does not help here, since a forged request is syntactically valid; what is missing is proof that the request came from your own frontend. Monitor Mattermost logs for authentication-method changes that the affected users did not initiate. After upgrading, confirm the fix in a test environment by replaying a cross-site form POST against the endpoint (session cookie attached, no CSRF token header) and verifying that the request is rejected.
Update Mattermost to version 11.5.1 or higher, 10.11.13 or higher, 11.3.3 or higher, or 11.4.3 or higher to mitigate the vulnerability. This update corrects the lack of CSRF token validation on an authentication endpoint, preventing CSRF attacks that could allow modification of a user's authentication method.
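The following Go program is an added example, not Mattermost's code, showing the class of defect described above and the check the fix restores: a cookie-authenticated endpoint that changes a user's login method is exposed once without any CSRF check and once behind a middleware that requires a double-submit CSRF token and a trusted Origin (the Origin check is defence in depth added here, not something the advisory states the fix does). The cookie and header names, the endpoint path and the sample request body are assumptions made for the example. The attemptChange helper replays the request a victim's browser would send from an attacker's page, which is also the verification step described in the mitigation section.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical cookie and header names for this example; not Mattermost's.
const (
	sessionCookie = "SESSION"
	csrfCookie    = "CSRF"
	csrfHeader    = "X-CSRF-Token"
)

// changeAuthMethod stands in for a cookie-authenticated, state-changing
// endpoint. On its own it trusts the session cookie alone, which is exactly
// what a cross-site request carries.
func changeAuthMethod(w http.ResponseWriter, r *http.Request) {
	if _, err := r.Cookie(sessionCookie); err != nil {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "auth method set to %q", r.PostFormValue("service"))
}

// originTrusted reports whether an Origin or Referer value belongs to one of
// the site's own origins. Referer carries a path, so a prefix check with a
// trailing slash is used; a look-alike host such as site.com.evil.example fails.
func originTrusted(source string, trusted []string) bool {
	if source == "" {
		return false // fail closed: a browser form POST always sends Origin
	}
	for _, t := range trusted {
		if source == t || strings.HasPrefix(source, t+"/") {
			return true
		}
	}
	return false
}

// csrfProtect only honours non-safe methods when the request proves it came
// from the application's own frontend: Origin (or Referer) is trusted, and the
// X-CSRF-Token header equals the CSRF cookie (double-submit cookie). Another
// origin can make the browser attach cookies, but cannot read the cookie or
// set a custom header on a cross-site form submission.
func csrfProtect(trustedOrigins []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
			next.ServeHTTP(w, r)
			return
		}
		source := r.Header.Get("Origin")
		if source == "" {
			source = r.Header.Get("Referer")
		}
		if !originTrusted(source, trustedOrigins) {
			http.Error(w, "cross-site request rejected", http.StatusForbidden)
			return
		}
		c, err := r.Cookie(csrfCookie)
		token := r.Header.Get(csrfHeader)
		if err != nil || token == "" ||
			subtle.ConstantTimeCompare([]byte(c.Value), []byte(token)) != 1 {
			http.Error(w, "missing or invalid CSRF token", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// attemptChange replays what a victim's browser sends when a page at origin
// auto-submits a form to the endpoint: the victim's cookies ride along and the
// attacker controls the body. token is the X-CSRF-Token header, which only a
// same-origin frontend can set. Returns the HTTP status the handler produced.
func attemptChange(h http.Handler, origin, token string) int {
	body := strings.NewReader("service=attacker-controlled-provider") // constructed sample body
	r := httptest.NewRequest(http.MethodPost, "https://chat.example.com/users/me/auth-method", body)
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	r.Header.Set("Origin", origin)
	r.AddCookie(&http.Cookie{Name: sessionCookie, Value: "victim-session"})
	r.AddCookie(&http.Cookie{Name: csrfCookie, Value: "c3rf-t0ken"})
	if token != "" {
		r.Header.Set(csrfHeader, token)
	}
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r)
	return w.Code
}

func main() {
	vulnerable := http.HandlerFunc(changeAuthMethod)
	protected := csrfProtect([]string{"https://chat.example.com"}, vulnerable)
	fmt.Println("unprotected, cross-site POST:", attemptChange(vulnerable, "https://attacker.example", ""))
	fmt.Println("protected, cross-site POST:  ", attemptChange(protected, "https://attacker.example", ""))
	fmt.Println("protected, same-site + token:", attemptChange(protected, "https://chat.example.com", "c3rf-t0ken"))
}
```

The unprotected handler accepts the cross-site POST with 200, because the session cookie is all it checks; the protected one returns 403 for a foreign Origin, for a missing token and for a token that does not match the cookie, and only lets the same-origin request with a matching token through. When verifying a patched deployment with a real replay, the request to watch for is the first one: cookies present, no token header, foreign Origin.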
CVE-2026-28741 is a Cross-Site Request Forgery (CSRF) vulnerability in Mattermost that allows attackers to modify user authentication methods.
You are affected if you are running Mattermost 10.11.0 through 10.11.12, 11.3.0 through 11.3.2, 11.4.0 through 11.4.2, or 11.5.0. Upgrade to 10.11.13, 11.3.3, 11.4.3 or 11.5.1 (or later) to resolve the issue.
Upgrade Mattermost to version 11.5.1 or later. Consider temporary workarounds like restricting access to the authentication endpoint if immediate upgrading is not possible.
There is currently no indication of active exploitation of CVE-2026-28741.
Refer to the official Mattermost advisory: MMSA-2026-00625.