Mattermost Mobile Apps
cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*
- <= 2.37
- 11.4
- 2.0.37
- 11.0.4
- 11.1.3
- 11.3.2
- 10.11.11.0
A vulnerability exists in Mattermost Mobile Apps versions through 2.37, 11.4, 2.0.37, 11.0.4, 11.1.3, and 11.3.2. These versions fail to properly validate the origin of SSO authentication callbacks. As a result, an attacker who controls a malicious Mattermost server can intercept and steal user credentials for a legitimate Mattermost server by relaying the SSO code exchange through the mobile application.
Exploitation of this vulnerability could lead to unauthorized access to user accounts by stealing credentials from a legitimate Mattermost server.
Users can upgrade to Mattermost Mobile Apps version 11.7 or later to address this vulnerability.
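The defensive check the advisory describes as missing, shown as an added example (not Mattermost's own code): before the app forwards an SSO code, the callback's origin is compared with the origin of the server the user deliberately connected to. The function names, the `/login/sso/callback` path and the sample URLs are constructed for illustration.

```javascript
// Added example, not Mattermost code: accept an SSO callback only when it
// returns to the exact origin (scheme + host + port) the login started on.
function isTrustedSsoCallback(connectedServerUrl, callbackUrl) {
  let server;
  let callback;
  try {
    server = new URL(connectedServerUrl);
    callback = new URL(callbackUrl);
  } catch (e) {
    return false; // unparsable input is never trusted
  }
  // Require https on both sides; this also rejects javascript:, custom
  // schemes and plain-http downgrades of an https server.
  if (server.protocol !== 'https:' || callback.protocol !== 'https:') {
    return false;
  }
  // URL.origin normalises default ports and ignores userinfo, so
  // https://chat.example.com@evil.net resolves to evil.net and is refused.
  return server.origin === callback.origin;
}

// Return the SSO code only from a trusted callback; otherwise null, so the
// caller never hands the code to whichever server answered the redirect.
function extractSsoCode(connectedServerUrl, callbackUrl) {
  if (!isTrustedSsoCallback(connectedServerUrl, callbackUrl)) {
    return null;
  }
  return new URL(callbackUrl).searchParams.get('code');
}

// Constructed sample inputs: the server the user connected to and callbacks
// the app might receive. Only the first one should yield a code.
const CONNECTED = 'https://chat.example.com';
const SAMPLE_CALLBACKS = [
  'https://chat.example.com/login/sso/callback?code=abc123',
  'https://chat.example.com.evil.net/login/sso/callback?code=abc123',
  'https://chat.example.com@evil.net/login/sso/callback?code=abc123',
  'http://chat.example.com/login/sso/callback?code=abc123',
  'https://chat.example.com:8443/login/sso/callback?code=abc123',
  'not a url',
];

// Run every sample through the check; the result list has one entry per URL.
function auditSamples() {
  return SAMPLE_CALLBACKS.map((u) => extractSsoCode(CONNECTED, u));
}
```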