Security Advisory

CVE-2026-28741

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-15 10:13:33

Last updated 2026-04-15 15:39:52

Assigner Mattermost

State PUBLISHED

Description

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a users authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost Advisory ID: MMSA-2026-00625

← Browse all CVEs View on cve.org ↗