Platform
go
Component
github.com/mattermost/mattermost/server/v8
Fixed versions
11.2.3
10.11.11
11.4.1
11.3.2
CVE-2026-27659 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in Mattermost's /api/v4/accesscontrolpolicies/{policy_id}/activate endpoint. The flaw could allow an attacker to manipulate access control policies by tricking an authenticated administrator into unknowingly submitting a malicious request. The vulnerability impacts Mattermost versions 11.2.x up to 11.2.2, 10.11.x up to 10.11.10, 11.4.x up to 11.4.0, and 11.3.x up to 11.3.1. A fix is available in version 11.4.1.
Successful exploitation of CVE-2026-27659 could allow an attacker to gain unauthorized control over Mattermost's access control policies. This could lead to scenarios where sensitive data is exposed, unauthorized users are granted access, or critical system functions are compromised. For example, an attacker could disable access controls for specific channels or teams, effectively granting themselves or others unrestricted access. The blast radius extends to any data or functionality protected by the manipulated access control policies. The ability to modify access control policies represents a significant escalation of privilege within the Mattermost environment.
This vulnerability was publicly disclosed on March 25, 2026, with the publication of Mattermost Advisory MMSA-2026-00578. The CSRF nature of the vulnerability suggests a relatively low probability of exploitation (EPSS score likely low), but the potential impact warrants attention. No public proof-of-concept (PoC) code has been released as of this writing, but the ease of crafting CSRF requests means a PoC could emerge quickly. Monitor Mattermost forums and security mailing lists for updates.
Organizations heavily reliant on Mattermost for internal communication and collaboration are particularly at risk. Teams with lax access control policies or those that frequently grant administrative privileges to non-technical users are also more vulnerable. Shared hosting environments where multiple Mattermost instances share the same server could also be affected, potentially allowing an attacker to exploit the vulnerability across multiple instances.
• linux / server: Monitor Mattermost access logs for unusual activity related to the /api/v4/accesscontrolpolicies/{policy_id}/activate endpoint. Look for requests originating from unexpected IP addresses or user agents.
  journalctl -u mattermost -f | grep '/api/v4/access_control_policies/'
• generic web: Use curl to test the endpoint with a crafted CSRF token. Verify that the server rejects the request if the token is invalid. The request must carry a valid session cookie (not a bearer token), otherwise the rejection only reflects missing authentication, not CSRF handling.
  curl -X POST -b "MMAUTHTOKEN=<session cookie>" -H "Content-Type: application/json" -H "X-CSRF-Token: INVALID_TOKEN" "https://mattermost.example.com/api/v4/access_control_policies/{policy_id}/activate"
• go: Examine Mattermost server code for instances of the vulnerable endpoint and ensure CSRF token validation is properly implemented. Review recent code changes for potential regressions.
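To make the code-review item concrete, here is an added Go example (illustrative code, not Mattermost's own) contrasting a policy-activation handler that accepts any valid session with one that, for cookie-authenticated state-changing requests, also demands the session-bound X-CSRF-Token header. The session store, the token values and the policy path are constructed for the example; it assumes the session cookie is named MMAUTHTOKEN.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"strings"
)

// Constructed session store: session ID -> CSRF token bound to that session (hypothetical values).
var sessions = map[string]string{"sess-admin-1": "csrf-7f3a9c"}

// authenticate resolves the session from a bearer token (API clients) or from the session cookie
// (browsers); fromCookie marks a credential the browser attached on its own, the case CSRF abuses.
func authenticate(r *http.Request) (sessionID string, fromCookie bool) {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		return strings.TrimPrefix(h, "Bearer "), false
	}
	if c, err := r.Cookie("MMAUTHTOKEN"); err == nil {
		return c.Value, true
	}
	return "", false
}

// activateVulnerable flips the policy for any valid session, including one the browser attached unasked.
func activateVulnerable(r *http.Request) int {
	sid, _ := authenticate(r)
	if _, ok := sessions[sid]; !ok {
		return http.StatusUnauthorized
	}
	return http.StatusOK // policy activated
}

// activateHardened also requires a cookie-authenticated, state-changing request to carry the
// session-bound token in X-CSRF-Token, which a cross-origin page can neither read nor set.
func activateHardened(r *http.Request) int {
	sid, fromCookie := authenticate(r)
	token, ok := sessions[sid]
	if !ok || (fromCookie && r.Method != http.MethodGet &&
		subtle.ConstantTimeCompare([]byte(r.Header.Get("X-CSRF-Token")), []byte(token)) != 1) {
		return http.StatusUnauthorized
	}
	return http.StatusOK // policy activated
}

func main() { // constructed cross-site request: the cookie rides along, no token header is set
	r, _ := http.NewRequest(http.MethodPut, "/api/v4/access_control_policies/p1/activate", nil)
	r.AddCookie(&http.Cookie{Name: "MMAUTHTOKEN", Value: "sess-admin-1"})
	fmt.Println(activateVulnerable(r), activateHardened(r)) // 200 401
}
```

The same shape applies to any other state-changing route: the check is keyed on how the credential arrived, not on the route.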
disclosure
patch
Exploitation status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-27659 is to upgrade Mattermost to version 11.4.1 or later. If immediate upgrading is not possible, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement due to the nature of CSRF, enforcing strict authentication and authorization policies can reduce the attack surface. Review and audit existing access control policies to identify any anomalies or suspicious configurations. Educate administrators about the risks of CSRF and the importance of verifying requests before executing them. After upgrading, confirm the fix by attempting to trigger the vulnerable endpoint with a crafted CSRF request and verifying that it is rejected.
Upgrade Mattermost to the latest available version. The CSRF vulnerability in the UpdateAccessControlPolicyActiveStatus endpoint allows an attacker to trick an administrator, via a crafted request, into changing the active status of an access control policy. Upgrading to the latest version fixes the CSRF token validation.
CVE-2026-27659 is a CSRF vulnerability in Mattermost's access control policy activation endpoint, allowing attackers to manipulate policies through crafted requests. It affects versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, and 11.3.x <= 11.3.1.
You are affected if you are running Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, or 11.3.x <= 11.3.1. Upgrade to 11.4.1 or later to mitigate the risk.
Upgrade Mattermost to version 11.4.1 or later. If immediate upgrade isn't possible, implement stricter authentication and authorization policies and educate administrators.
While no public exploits are currently known, the CSRF nature of the vulnerability means exploitation is possible. Monitor Mattermost forums and security mailing lists for updates.
You can find the official advisory on the Mattermost website: https://mattermost.com/security/advisories/MMSA-2026-00578