CVE-2026-22545 — Vulnetix

CVE-2026-22545 PUBLISHED CVSS 3.0999999046325684 LOW

Mattermost fails to validate user's authentication method when processing account auth type switch

EPSS 0.07% · 20.8th percentile

Risk Scores

CVSS v3.1

3.0999999046325684

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

0.07%

20.8th percentile

Affected Products

Vendor	Product	Versions
github.com	mattermost/mattermost/server/v8	0, 0
mattermost	mattermost_server	10.11.0, 10.11.0
Mattermost	Mattermost	10.11.11, 10.11.0, 11.4.0
github.com	mattermost/mattermost-server	10.11.0-rc1, 11.2.0-rc1, 11.3.0-rc1

Timeline

Mar 16, 2026 CVE Published
Mar 17, 2026 EPSS Score
Mar 18, 2026 EPSS Score
Mar 19, 2026 CVE Updated
Mar 19, 2026 EPSS Score
Mar 20, 2026 EPSS Score
Mar 20, 2026 Security Advisory
Mar 21, 2026 EPSS Score
Mar 22, 2026 EPSS Score
Mar 22, 2026 Coalition ESS Score
Mar 23, 2026 EPSS Score
Mar 24, 2026 EPSS Score

References

MMSA-2026-00583 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-22545 advisory
https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218 url
https://github.com/mattermost/mattermost package

Open in Interactive Console →

$ Console Community · 100/wk Open console ›