CVE-2026-3117

Mattermost GitLab Plugin Command Execution Flaw

Vulnerability report for CVE-2026-3117, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-18

Last updated on: 2026-05-29

Assigner: Mattermost, Inc.

Description

Mattermost Plugins versions <=11.5, 11.1.5, 10.13.11, 11.3.4.0 fail to properly check for permissions when processing commands in the GitLab plugin, which allows normal users to uninstall instances or set up webhook connections via the `/gitlab instance {option}` or the `/gitlab webhook {option}` commands. Mattermost Advisory ID: MMSA-2026-00600

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-18
Last Modified
2026-05-29
Generated
2026-06-30
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-28

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
mattermost mattermost_server From 10.13.0 (inc) to 10.13.11 (inc)
mattermost mattermost_server From 11.1.0 (inc) to 11.1.5 (inc)
mattermost mattermost_server From 11.3.0 (inc) to 11.3.4 (inc)

Helpful Resources

Exploitability

CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
KEV

Attack-Flow Graph

AI Quick Actions

Detection Guidance

This vulnerability involves improper permission checks in the Mattermost GitLab plugin's commands, specifically `/gitlab instance {option}` and `/gitlab webhook {option}`. Detection would involve monitoring or testing these commands to see whether normal users can execute them to uninstall instances or set up webhook connections without proper authorization.

Since the provided resources do not include specific detection commands or network signatures, a practical approach is to attempt executing these commands as a normal user in a controlled environment and verify that the permission checks are enforced.

No explicit command-line detection commands or network detection signatures are provided in the available information.

Executive Summary

This vulnerability exists in Mattermost Plugins versions up to 11.5, specifically in the GitLab plugin versions 11.1.5, 10.13.11, and 11.3.4.0. The issue is that the plugin fails to properly check user permissions when processing certain commands.

Because of this improper permission check, normal users (who should not have administrative privileges) can execute commands that allow them to uninstall GitLab instances or set up webhook connections using the commands `/gitlab instance {option}` or `/gitlab webhook {option}`.

Impact Analysis

The vulnerability can lead to unauthorized actions by normal users, such as uninstalling Gitlab instances or configuring webhook connections without proper permissions.

This can disrupt service availability (denial of service) or allow attackers to manipulate integrations, potentially leading to further security issues.

The CVSS score of 6.5 indicates a medium severity impact, with the main impact being on availability (A:H), meaning the availability of the service can be severely affected.

Mitigation Strategies

To mitigate this vulnerability, you should update the Mattermost Gitlab plugin to a version later than the affected versions (versions greater than 11.5, 11.1.5, 10.13.11, and 11.3.4.0) where the permission checks have been properly implemented.
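The permission gate the advisory describes as missing, shown as an added example in Go (not the Mattermost GitLab plugin's own code): a command handler that refuses the state-changing `instance` and `webhook` subcommands unless the caller is a system admin, before any handler logic runs. The `PermissionChecker` interface, the `staticRoles` map and the `help` subcommand are assumptions made for this example; only the two subcommand names come from the advisory.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PermissionChecker abstracts the host's permission lookup. A real plugin
// would wrap the Mattermost plugin API; this stub is an assumption for the example.
type PermissionChecker interface {
	IsSystemAdmin(userID string) bool
}

// staticRoles is a constructed in-memory role table: userID -> is system admin.
type staticRoles map[string]bool

func (r staticRoles) IsSystemAdmin(userID string) bool { return r[userID] }

var ErrPermissionDenied = errors.New("permission denied: system admin required")

// privileged lists the subcommands that change instance or webhook state;
// the advisory names "instance" and "webhook" as the ones that were unguarded.
var privileged = map[string]bool{"instance": true, "webhook": true}

// HandleCommand routes a "/gitlab <subcommand> [options]" command. The
// authorization check happens before dispatch, so a normal user never reaches
// the uninstall or webhook-setup logic (the check the vulnerable versions lacked).
func HandleCommand(pc PermissionChecker, userID, command string) (string, error) {
	fields := strings.Fields(command)
	if len(fields) < 2 || fields[0] != "/gitlab" {
		return "", errors.New("usage: /gitlab <subcommand> [options]")
	}
	sub := fields[1]
	if privileged[sub] && !pc.IsSystemAdmin(userID) {
		return "", ErrPermissionDenied
	}
	switch sub {
	case "instance", "webhook":
		return fmt.Sprintf("%s %s: ok", sub, strings.Join(fields[2:], " ")), nil
	case "help":
		return "available subcommands: help, instance, webhook", nil
	default:
		return "", fmt.Errorf("unknown subcommand %q", sub)
	}
}

func main() {
	roles := staticRoles{"admin-1": true} // constructed sample roles
	_, err := HandleCommand(roles, "user-1", "/gitlab instance uninstall example")
	fmt.Println("normal user:", err) // prints the permission-denied error
}
```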

Additionally, monitor the official Mattermost Security Updates page for any patches or further guidance related to this issue.
