CVE-2026-3113
Insecure File Permissions in Mattermost Bulk Export Allows Data Exposure
Publication date: 2026-03-26
Last updated on: 2026-03-30
Assigner: Mattermost, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | mattermost_server | From 10.11.0 (inc) to 10.11.12 (exc) |
| mattermost | mattermost_server | From 11.2.0 (inc) to 11.2.4 (exc) |
| mattermost | mattermost_server | From 11.3.0 (inc) to 11.3.2 (exc) |
| mattermost | mattermost_server | 11.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, and 10.11.x <= 10.11.11, which fail to set restrictive permissions on downloaded bulk exports, allowing other local users on the server to read their contents.
To detect this vulnerability on your system, you should first verify the version of Mattermost installed to see if it falls within the affected versions.
- Check Mattermost version by running: mattermost version
Next, inspect the permissions of bulk export files downloaded by Mattermost to see if they are improperly set, allowing read access to other local users.
- Locate bulk export files and check their permissions using: ls -l /path/to/bulk/exports
- Look for files with permissions that allow read access to users other than the owner, for example, permissions like -rw-r--r-- or more permissive.
Can you explain this vulnerability to me?
This vulnerability exists in certain versions of Mattermost (11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11) where the application fails to set proper permissions on downloaded bulk export files.
Because of this failure, other local users on the same server can read the contents of these bulk export files, which should otherwise be restricted.
How can this vulnerability impact me?
The impact of this vulnerability is that unauthorized local users on the server can access sensitive data contained in the bulk export files.
This could lead to exposure of confidential information, potentially compromising privacy and security within the affected Mattermost environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows other local users on the server to read the contents of bulk exports due to improper permission settings. Such unauthorized access to potentially sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on access to personal and protected health information.
Specifically, failure to restrict access to exported data may result in breaches of confidentiality and data privacy requirements mandated by these standards.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade Mattermost to a release outside the affected ranges listed in the table above, where this permission issue is fixed.
If upgrading immediately is not possible, manually restrict permissions on bulk export files to prevent other local users from reading them.
- Change permissions of bulk export files to be accessible only by the owner, for example: chmod 600 /path/to/bulk/exports/*
- Review and adjust the Mattermost server configuration and file system permissions to ensure sensitive files are not accessible by unauthorized users.
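The detection check and the chmod mitigation above, combined into one audit script as an added example (not code from the advisory or from Mattermost). EXPORT_DIR is a placeholder for the directory your server writes bulk exports to; the script assumes GNU or BSD find and that exports are regular files in that directory.

```shell
#!/bin/sh
# Added example: audit a Mattermost bulk-export directory for files that users
# other than the owner can read, then optionally tighten them to 0600.
# EXPORT_DIR is a placeholder; set it to your server's export directory.
EXPORT_DIR="${EXPORT_DIR:-/path/to/bulk/exports}"

# List every regular file under $1 whose mode grants read to group or other,
# i.e. anything at least as permissive as -rw-r--r--, with its ls -l line.
find_world_readable_exports() {
    # -perm /044: matches if the group-read (040) OR other-read (004) bit is set
    find "$1" -type f -perm /044 -exec ls -ld {} +
}

# Return 0 when no export file is readable by group/other, 1 otherwise.
exports_are_private() {
    n=$(find_world_readable_exports "$1" | wc -l)
    [ "$n" -eq 0 ]
}

# Mitigation: owner-only access on each export file (0600) and on the
# directory itself (0700) so listing the directory is also restricted.
harden_exports() {
    chmod 700 "$1"
    find "$1" -type f -exec chmod 600 {} \;
}

# Usage: report first, then fix. Run as the user that owns the exports.
if [ -d "$EXPORT_DIR" ]; then
    if exports_are_private "$EXPORT_DIR"; then
        echo "OK: no export under $EXPORT_DIR is readable by other users"
    else
        echo "WARNING: exports readable by other local users:"
        find_world_readable_exports "$EXPORT_DIR"
        harden_exports "$EXPORT_DIR"
        echo "Restricted $EXPORT_DIR and its export files to the owner only"
    fi
fi
```

Re-run the audit after each export until the server is upgraded, since a vulnerable version will create the next export with the same loose permissions.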