Security Advisory

CVE-2026-0997

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-16 09:58:41

Last updated 2026-02-17 15:00:18

Assigner Mattermost

State PUBLISHED

Description

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in user to change Zoom meeting restrictions for arbitrary channels via crafted API requests.. Mattermost Advisory ID: MMSA-2025-00558

← Browse all CVEs View on cve.org ↗