Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-1046
PUBLISHED
More InfoOfficial Page
Assigner-Mattermost
Assigner Org ID-9302f53e-dde5-4bf3-b2f2-a83f91ac0eee
View Known Exploited Vulnerability (KEV) details
Published At-16 Feb, 2026 | 12:10
Updated At-16 Feb, 2026 | 12:10
Rejected At-
▼CVE Numbering Authority (CNA)
Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577

Affected Products
Vendor
Mattermost, Inc.Mattermost
Product
Mattermost
Default Status
unaffected
Versions
Affected
  • From 0 through 6.2.0 (semver)
  • From 0 through 5.2.13 (semver)
Unaffected
  • 6.1.0
  • 6.0.3.0
  • 5.13.3.0
Problem Types
TypeCWE IDDescription
CWECWE-939CWE-939: Improper Authorization in Handler for Custom URL Scheme
Type: CWE
CWE ID: CWE-939
Description: CWE-939: Improper Authorization in Handler for Custom URL Scheme
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update Mattermost Desktop App to versions 6.1.0, 6.0.3.0, 5.13.3.0 or higher.

Configurations
Workarounds
Exploits
Credits
finder
hackerman70000
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://mattermost.com/security-updates
vendor-advisory
Hyperlink: https://mattermost.com/security-updates
Resource:
vendor-advisory
Details not found