CVE-2026-6334
Analyzed - Analysis Complete
Mattermost OAuth Token Exchange Identity Binding Bypass

Publication date: 2026-05-18

Last updated on: 2026-05-29

Assigner: Mattermost, Inc.

Description
Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow, which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request. Mattermost Advisory ID: MMSA-2026-00570
Meta Information
Published: 2026-05-18
Last Modified: 2026-05-29
Generated: 2026-06-10
AI Q&A: 2026-05-18
EPSS Evaluated: 2026-06-08
NVD
Affected Vendors & Products (2 associated CPEs)
Vendor      Product            Version / Range
mattermost  mattermost_server  From 10.11.0 (inc) to 10.11.14 (exc)
mattermost  mattermost_server  From 11.5.0 (inc) to 11.5.2 (exc)
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Executive Summary

This vulnerability affects Mattermost versions 11.5.x up to 11.5.1 and 10.11.x up to 10.11.13. It occurs because the software fails to enforce client identity binding during the OAuth authorization code redemption flow.

As a result, an authenticated OAuth client can redeem authorization codes that were issued to a different client by crafting a token exchange request. This means one client can impersonate another during the OAuth process.
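The check the advisory describes as missing is the token endpoint comparing the client that redeems an authorization code against the client the code was issued to (RFC 6749 section 4.1.3). The following is an added, illustrative example and not Mattermost's code: a minimal in-memory code store with a weak redemption routine beside a hardened one. It assumes the caller has already authenticated the client (client_id and secret verified) and passes that authenticated client_id in; all names are hypothetical.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class AuthCode:
    code: str
    client_id: str      # the client this code was issued to
    user_id: str
    redirect_uri: str
    expires_at: float
    used: bool = False


class CodeStore:
    """Constructed in-memory store standing in for the server's code table."""

    def __init__(self):
        self._codes: dict[str, AuthCode] = {}

    def issue(self, client_id, user_id, redirect_uri, ttl=600):
        code = secrets.token_urlsafe(32)
        self._codes[code] = AuthCode(code, client_id, user_id, redirect_uri, time.time() + ttl)
        return code

    def get(self, code):
        return self._codes.get(code)


def redeem_code_unbound(store, code, authenticated_client_id, redirect_uri):
    """Weak check: validates the code exists, is unused and unexpired, but never
    compares the redeeming client to the issuing client (the class of bug described above)."""
    rec = store.get(code)
    if rec is None or rec.used or rec.expires_at < time.time():
        return None
    rec.used = True
    return {"user_id": rec.user_id, "client_id": authenticated_client_id}


def redeem_code_bound(store, code, authenticated_client_id, redirect_uri):
    """Hardened check: the code must have been issued to the authenticated client
    and to the same redirect_uri; any mismatch burns the code (defensive choice)."""
    rec = store.get(code)
    if rec is None or rec.used or rec.expires_at < time.time():
        return None
    if rec.client_id != authenticated_client_id or rec.redirect_uri != redirect_uri:
        rec.used = True  # do not let the code be retried by the correct client either
        return None
    rec.used = True      # single use, per RFC 6749 section 4.1.2
    return {"user_id": rec.user_id, "client_id": rec.client_id}
```

A detection-side corollary: logging the issuing client_id next to the redeeming client_id at the token endpoint makes a mismatch a directly searchable event.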

Impact Analysis

This vulnerability can lead to unauthorized access where an authenticated OAuth client redeems authorization codes meant for another client. This could allow attackers to gain access to resources or data they should not have permission to access.

The CVSS score of 3.1 indicates a low severity impact, with limited confidentiality and integrity impact, and no availability impact. However, it still poses a risk of information disclosure or unauthorized actions within the affected Mattermost environment.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Mattermost to a version later than 11.5.1 or 10.11.13 where the issue has been fixed.

Since the vulnerability involves failure to enforce client identity binding during OAuth authorization code redemption, applying the official security updates provided by Mattermost is the recommended immediate step.

Monitor Mattermost's official security updates page for patches and advisories.
