All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-13426
MEDIUMpublished 2026-06-26 14:17 UTC · 2 days ago · modified 2026-06-26 16:12 UTC
5.4
CVSS / 10
// description
The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
// weaknesses (CWE)
- CWE-22