VDB

CVE-2026-26230

CVE-2026-26230 PUBLISHED CVSS 3.799999952316284 LOW

Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531

EPSS 0.04% · 11.3th percentile

Risk Scores

CVSS 3.1
3.799999952316284
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.04%
11.3th percentile

Affected Products

VendorProductVersions
MattermostMattermost10.11.0, 11.4.0, 10.11.11
mattermostmattermost_server10.11.0, 10.11.0, 10.11.0

Exploit Intelligence

Timeline

  • Mar 16, 2026 CVE Published
  • Mar 17, 2026 EPSS Score
  • Mar 17, 2026 CVE Updated
  • Mar 18, 2026 EPSS Score
  • Mar 19, 2026 EPSS Score
  • Mar 20, 2026 EPSS Score
  • Mar 21, 2026 EPSS Score
  • Mar 22, 2026 EPSS Score
  • Mar 22, 2026 Coalition ESS Score
  • Mar 23, 2026 EPSS Score
  • Mar 24, 2026 EPSS Score
  • Mar 25, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›