Security Advisory

CVE-2026-3115

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-26 16:23:05

Last updated 2026-03-26 17:51:14

Assigner Mattermost

State PUBLISHED

Description

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint.. Mattermost Advisory ID: MMSA-2026-00594

← Browse all CVEs View on cve.org ↗