CVE-2026-3495
Status: Analyzed - Analysis Complete

Stored XSS in Mattermost via Error Page Configuration

Vulnerability report for CVE-2026-3495, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-18

Last updated on: 2026-05-19

Assigner: Mattermost, Inc.

Description

Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition, which allows an attacker with access to edit some site configuration to execute malicious code by injecting JavaScript as part of those values. Mattermost Advisory ID: MMSA-2026-00622


Meta Information

Published: 2026-05-18
Last Modified: 2026-05-19
Generated: 2026-06-30
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-28
Source: NVD

Affected Vendors & Products

2 associated CPEs:

| Vendor | Product | Version / Range |
| --- | --- | --- |
| mattermost | mattermost_server | From 10.11.0 (inclusive) to 10.11.14 (exclusive) |
| mattermost | mattermost_server | From 11.5.0 (inclusive) to 11.5.2 (exclusive) |

CWE

| CWE ID | Description |
| --- | --- |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |

Compliance Impact

The vulnerability in Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 allows an attacker with access to edit some site configuration to inject malicious JavaScript code via unescaped variables during error page composition. This could lead to limited confidentiality and integrity impacts as indicated by the CVSS score (Confidentiality: Low, Integrity: Low).

However, there is no specific information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability affects Mattermost versions 11.5.x up to 11.5.1 and 10.11.x up to 10.11.13. It occurs because some variables that may contain malicious content are not properly escaped during the composition of error pages. An attacker who has access to edit certain site configuration values can inject malicious JavaScript code into these variables, which then gets executed when the error page is displayed.

Impact Analysis

The vulnerability allows an attacker with permission to edit some site configuration to execute malicious JavaScript code in the context of the Mattermost application. This can lead to limited impacts such as information disclosure or manipulation of the user interface, as indicated by the CVSS score, which reflects low confidentiality and integrity impacts but no availability impact.

Mitigation Strategies

To mitigate this vulnerability, upgrade Mattermost to a version later than 11.5.1 in the 11.5.x series or later than 10.11.13 in the 10.11.x series; those releases fix the unescaped variables that allow malicious code injection.

Additionally, restrict access to site configuration editing to trusted administrators only, since the vulnerability requires such access to exploit.
