CVE-2026-1046

Summary

Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 6.2.0affected
MattermostMattermost0 <= 5.2.13affected
MattermostMattermost6.1.0unaffected
MattermostMattermost6.0.3.0unaffected
MattermostMattermost5.13.3.0unaffected

Weaknesses

  • CWE-939: CWE-939: Improper Authorization in Handler for Custom URL Scheme

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References