Mattermost Post Edit Time Limit Bypass Vulnerability in Attachment Modification

Vulnerability

A vulnerability exists in Mattermost versions 11.5.x through 11.5.1 and 10.11.x through 10.11.13, allowing authenticated users to bypass the PostEditTimeLimit restriction on non-message post fields. This flaw enables users to alter post file attachments, properties, and pin status after the designated edit period has lapsed, using the post patch and update API endpoints.
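The following added example (not Mattermost's code and not part of the original advisory) models this class of flaw in Go: an edit-window check that only fires when the message text changes, next to one that covers every editable field. The `Post` struct, the helper names, and the convention that a limit of -1 means "no limit" are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"reflect"
)

// Post is a simplified stand-in for a chat post, not Mattermost's real struct.
type Post struct {
	CreateAt int64 // creation time, Unix milliseconds
	Message  string
	FileIds  []string
	Props    map[string]string
	IsPinned bool
}

// expired reports whether the edit window has closed.
// Assumption: limitSec == -1 means "no limit".
func expired(p Post, nowMs, limitSec int64) bool {
	return limitSec != -1 && nowMs > p.CreateAt+limitSec*1000
}

// same treats nil and empty collections as equal before a deep comparison.
func same(a, b any) bool {
	return (reflect.ValueOf(a).Len() == 0 && reflect.ValueOf(b).Len() == 0) ||
		reflect.DeepEqual(a, b)
}

// allowEditFlawed models the bug class: only a message change trips the limit.
func allowEditFlawed(old, upd Post, nowMs, limitSec int64) bool {
	return old.Message == upd.Message || !expired(old, nowMs, limitSec)
}

// allowEditHardened applies the limit to every user-editable field.
func allowEditHardened(old, upd Post, nowMs, limitSec int64) bool {
	changed := old.Message != upd.Message || old.IsPinned != upd.IsPinned ||
		!same(old.FileIds, upd.FileIds) || !same(old.Props, upd.Props)
	return !changed || !expired(old, nowMs, limitSec)
}

func main() {
	// Constructed sample: post created at t=0, limit 600 s, edit attempted at 601 s.
	old := Post{Message: "report attached", FileIds: []string{"file-a"}}
	upd := old
	upd.FileIds = []string{"file-b"} // attachment swapped, message untouched
	fmt.Println("flawed allows:  ", allowEditFlawed(old, upd, 601_000, 600))
	fmt.Println("hardened allows:", allowEditHardened(old, upd, 601_000, 600))
}
```

A regression test for the fix should exercise each non-message field separately after the window has closed, since a check keyed on one field passes tests that only edit that field.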

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of post attachments, properties, and pin statuses, potentially disrupting communication and information sharing within Mattermost channels.

Remediation

Users can upgrade to Mattermost version 11.7.0 to address this vulnerability.

Added: May 15, 2026, 7:25 PM
Updated: May 15, 2026, 7:25 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 4.8
remediation: 7.7
relevance: 8.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.