VDB
GO-2026-4317
GO-2026-4317
PUBLISHED
Mattermost Server does not neutralize HTML content in an Email template field in github.com/mattermost/mattermost-server
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | mattermost/mattermost-server | 0, 4.1.0+incompatible, 4.2.0-rc1+incompatible |
Timeline
- Jan 23, 2026 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/advisories/GHSA-wj5w-qghh-gvqp advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-18892 advisory
- https://github.com/mattermost/mattermost/commit/4e05fbffed4d7ad75c0bb55d67d2c6f7cf9eaad6 url
- https://github.com/mattermost/mattermost/commit/d76946bdb545aba4088943fc523dabb459d22873 url
- https://github.com/mattermost/mattermost/commit/f5167f3ba645b829f4c28530e13be6c3db967255 url
- https://mattermost.com/security-updates url