Security Advisory

CVE-2025-9076

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-15 10:06:15

Last updated 2025-09-15 14:05:16

Assigner Mattermost

State PUBLISHED

Description

Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.

← Browse all CVEs View on cve.org ↗