Mattermost Plugins Namespace Validation Vulnerability Allowing Unrestricted Group Subscriptions

Vulnerability

A vulnerability exists in Mattermost Plugins in versions through 11.5, 11.1.5, 10.13.11, and 11.3.4.0, where the plugins fail to properly validate namespaces. This flaw enables plugin users to subscribe to groups that are not whitelisted by creating groups with prefixes that match those of whitelisted groups.
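The class of flaw described above, shown as an added illustration and not as code from the Mattermost plugins: a raw string-prefix comparison against the allowlist next to a check that matches only whole namespace segments. The function names, the "/" segment separator and the sample group names are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// allowedByPrefix models the flawed check (hypothetical name): any namespace
// that merely starts with an allowlisted string is accepted.
func allowedByPrefix(namespace string, allowlist []string) bool {
	for _, allowed := range allowlist {
		if strings.HasPrefix(namespace, allowed) {
			return true
		}
	}
	return false
}

// allowedByBoundary accepts a namespace only when it equals an allowlisted
// group or sits beneath it at a "/" boundary (separator is an assumption).
func allowedByBoundary(namespace string, allowlist []string) bool {
	ns := strings.Trim(namespace, "/")
	if ns == "" {
		return false
	}
	for _, allowed := range allowlist {
		a := strings.Trim(allowed, "/")
		if a == "" {
			continue // an empty entry would otherwise match every namespace
		}
		if ns == a || strings.HasPrefix(ns, a+"/") {
			return true
		}
	}
	return false
}

func main() {
	allowlist := []string{"platform"} // constructed sample allowlist
	// Constructed sample namespaces, including a look-alike prefix.
	samples := []string{"platform", "platform/api", "platform-shadow", "platformx/api"}
	for _, ns := range samples {
		fmt.Printf("%-16s prefix=%-5v boundary=%v\n", ns,
			allowedByPrefix(ns, allowlist), allowedByBoundary(ns, allowlist))
	}
}
```

The same comparison can be run over existing subscriptions to flag any whose namespace passes the prefix check but fails the boundary check.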

Impact

Exploitation of this vulnerability could lead to unauthorized group subscriptions, potentially allowing users to access or interact with unapproved group content or activities.

Remediation

Users can upgrade to Mattermost Plugins version 11.7 or later to address this vulnerability.

Added: May 18, 2026, 8:20 AM
Updated: May 18, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 8.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.