{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2463", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-02-13T11:32:02.091Z", "datePublished": "2026-03-16T11:13:57.575Z", "dateUpdated": "2026-03-16T13:49:58.332Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.3.0", "status": "affected", "version": "11.3.0", "versionType": "semver"}, {"lessThanOrEqual": "11.2.2", "status": "affected", "version": "11.2.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.10", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"version": "11.4.0", "status": "unaffected"}, {"version": "11.3.1", "status": "unaffected"}, {"version": "11.2.3", "status": "unaffected"}, {"version": "10.11.11", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "omarAhmed1"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID: MMSA-2025-00565"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM", "baseScore": 4.3}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862: Missing Authorization", "cweId": "CWE-862"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00565", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.4.0, 11.3.1, 11.2.3, 10.11.11 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00565", "defect": ["https://mattermost.atlassian.net/browse/MM-66826"], "discovery": "EXTERNAL"}, "title": "Unauthorized access to invite ID during team creation", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-16T11:13:57.575Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2463", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T13:42:48.601175Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T13:49:58.332Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2463", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T13:42:48.601175Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T13:44:19.874Z"}}], "cna": {"title": "Unauthorized access to invite ID during team creation", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-66826"], "advisory": "MMSA-2025-00565", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "omarAhmed1"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "11.3.0", "versionType": "semver", "lessThanOrEqual": "11.3.0"}, {"status": "affected", "version": "11.2.0", "versionType": "semver", "lessThanOrEqual": "11.2.2"}, {"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.10"}, {"status": "unaffected", "version": "11.4.0"}, {"status": "unaffected", "version": "11.3.1"}, {"status": "unaffected", "version": "11.2.3"}, {"status": "unaffected", "version": "10.11.11"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 11.4.0, 11.3.1, 11.2.3, 10.11.11 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2025-00565", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID: MMSA-2025-00565"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-16T11:13:57.575Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2463", "state": "PUBLISHED", "dateUpdated": "2026-03-16T13:49:58.332Z", "dateReserved": "2026-02-13T11:32:02.091Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-03-16T11:13:57.575Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E5F368-358C-429B-8F04-3C8DF4A71A91", "versionEndExcluding": "10.11.11", "versionStartIncluding": "10.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F64C167-943D-4F3F-9374-BCC8DECB3881", "versionEndExcluding": "11.2.3", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "945A6E29-209F-4992-8692-BEF63DCB6B98", "versionEndExcluding": "11.3.1", "versionStartIncluding": "11.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID: MMSA-2025-00565"}, {"lang": "es", "value": "Las versiones de Mattermost 11.3.x &lt;= 11.3.0, 11.2.x &lt;= 11.2.2, 10.11.x &lt;= 10.11.10 no filtran los ID de invitaci\u00f3n bas\u00e1ndose en los permisos de usuario, lo que permite a los usuarios regulares eludir las restricciones de control de acceso y registrar cuentas no autorizadas a trav\u00e9s de ID de invitaci\u00f3n filtrados durante la creaci\u00f3n de equipos. ID de Aviso de Mattermost: MMSA-2025-00565"}], "id": "CVE-2026-2463", "lastModified": "2026-03-18T17:43:26.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:30.193", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{}