CVE-2026-13426
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.4 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Description
The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-22
Source
NVD
Vendor
Mattermost
Product
github.com/mattermost/mattermost/server/public
Discussion (0)
Add Comment
No comments yet. Be the first!