Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-10085

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 6.6%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2026-10085


Contact Us

Shodan ® - All rights reserved