Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-9824

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-9824


Contact Us

Shodan ® - All rights reserved