Primary

Context

Mattermost Login Method Bypass Vulnerability Allowing UserID-Based Authentication

Vulnerability

Patched

A vulnerability exists in Mattermost versions 11.1.x through 11.1.2, 10.11.x through 10.11.9, and 11.2.x through 11.2.1, where the application fails to properly enforce login method restrictions. This flaw allows authenticated users to bypass Single Sign-On (SSO) login requirements by using userID-based authentication.

Impact

Exploitation of this vulnerability allows for unauthorized bypassing of SSO login requirements, potentially leading to unauthorized access to user accounts.

Remediation

Users can upgrade to Mattermost versions 11.4.0 or 11.4.1 to address this vulnerability.

Added: Feb 16, 2026, 11:47 AM

Updated: Feb 16, 2026, 11:47 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

7.7

relevance

3.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

7.7

relevance

3.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Login Method Bypass Vulnerability Allowing UserID-Based Authentication

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating