Mattermost WebSocket Multi-Factor Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in Mattermost versions prior to 11, where the application fails to properly enforce multi-factor authentication on WebSocket connections. This oversight allows unauthenticated users to access sensitive information through WebSocket events.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information via WebSocket events.

Remediation

Users can upgrade to Mattermost version 11.1.0, 11.0.3, 10.12.2, 10.11.5, or 10.5.13 to address this vulnerability.

Added: Nov 14, 2025, 9:11 AM
Updated: Nov 14, 2025, 9:11 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.