CVE-2026-28732
Analyzed Analyzed - Analysis Complete
Slash Command Impersonation in Mattermost

Publication date: 2026-05-18

Last updated on: 2026-05-19

Assigner: Mattermost, Inc.

Description
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash commands via editing their own slash command trigger to an already-registered trigger through the command update API. Mattermost Advisory ID: MMSA-2026-00597
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-19
Generated
2026-06-10
AI Q&A
2026-05-18
EPSS Evaluated
2026-06-08
NVD
CVE-2026-28732
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
mattermost mattermost_server From 10.11.0 (inc) to 10.11.14 (exc)
mattermost mattermost_server From 11.4.0 (inc) to 11.4.4 (exc)
mattermost mattermost_server From 11.5.0 (inc) to 11.5.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Mattermost versions 11.5.x up to 11.5.1, 10.11.x up to 10.11.13, and 11.4.x up to 11.4.3. It occurs because the software fails to enforce uniqueness of slash command trigger words during command updates.

An authenticated team member who has the 'Manage Own Slash Commands' permission can exploit this by editing their own slash command trigger to a trigger word that is already registered by the system or another custom command. This allows them to hijack and impersonate existing slash commands.

Impact Analysis

The vulnerability allows an authenticated user with specific permissions to hijack and impersonate existing system or custom slash commands. This can lead to confusion or misuse within the team environment, as commands may execute unintended actions or mislead users.

While the CVSS score indicates no impact on confidentiality or availability, it does have a low impact on integrity, meaning the commands' behavior can be altered maliciously.

Mitigation Strategies

To mitigate this vulnerability, you should update Mattermost to a version later than the affected versions (11.5.1, 10.11.13, 11.4.3) where the issue is fixed.

Additionally, review and restrict permissions related to 'Manage Own Slash Commands' to trusted users only, as the vulnerability allows authenticated team members with this permission to hijack slash commands.

Stay informed about security updates by monitoring Mattermost's official security updates page.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart