CVE-2026-6957
Analyzed - Analysis Complete
Path Traversal in Mattermost Plugins

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: Mattermost, Inc.

Description
Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via a malicious filename delivered through the shared-channel attachment sync protocol.

Mattermost Advisory ID: MMSA-2026-00659
Meta Information
  • Published: 2026-05-27
  • Last Modified: 2026-06-02
  • Generated: 2026-06-16
  • AI Q&A: 2026-05-27
  • EPSS Evaluated: 2026-06-15
  • External references: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
  • Vendor: mattermost; Product: legal_hold; Version / Range: up to 1.1.5 (inclusive)
CWE
  • CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
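The following is an added illustration, not Mattermost's code and not taken from this advisory: it places the CWE-22 shape described above (a peer-supplied filename joined straight onto an export root) beside a containment check that a server can apply before building the destination path. Go is used because the Mattermost server and its plugins are written in Go. The export root, the function names and the sample filenames are constructed for this example and carry no relation to the actual advisory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeFilename is returned when a peer-supplied filename cannot be
// turned into a destination that stays inside the export root.
var ErrUnsafeFilename = errors.New("unsafe filename received from federated peer")

// vulnerableExportPath is the CWE-22 shape: the untrusted name is joined
// straight onto the export root. filepath.Join normalises "../" segments,
// so a name carrying them resolves to a location outside root.
// (Illustrative only; this is not Mattermost's implementation.)
func vulnerableExportPath(root, peerFilename string) string {
	return filepath.Join(root, peerFilename)
}

// safeExportPath accepts only a single path element from the peer and then
// re-checks that the joined result is still under root.
func safeExportPath(root, peerFilename string) (string, error) {
	// Treat backslashes as separators too; the sending peer may run on Windows.
	name := strings.ReplaceAll(peerFilename, "\\", "/")

	// A bare filename never contains a separator or a NUL byte.
	if strings.ContainsAny(name, "/\x00") {
		return "", ErrUnsafeFilename
	}
	// Empty and dot-only names are not files.
	if name == "" || name == "." || name == ".." {
		return "", ErrUnsafeFilename
	}

	cleanRoot := filepath.Clean(root)
	dest := filepath.Join(cleanRoot, name)

	// Independent containment check: the relative path from root to dest
	// must not start with "..". This catches anything the filters above missed.
	rel, err := filepath.Rel(cleanRoot, dest)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeFilename
	}
	return dest, nil
}

func main() {
	root := "/var/mattermost/data/export" // constructed example root
	samples := []string{                  // constructed sample names
		"attachment-42.pdf",
		"../../../../tmp/escaped.txt",
		"..\\..\\escaped.txt",
		"..",
	}
	for _, s := range samples {
		fmt.Printf("%-32q vulnerable -> %s\n", s, vulnerableExportPath(root, s))
		if dest, err := safeExportPath(root, s); err != nil {
			fmt.Printf("%-32q safe       -> rejected: %v\n", s, err)
		} else {
			fmt.Printf("%-32q safe       -> %s\n", s, dest)
		}
	}
}
```

The second check (filepath.Rel) is deliberately redundant with the character filter: if a later change relaxes the filter, the containment test still refuses any destination that resolves above the root. In a real deployment the same function would also be the natural place to log and count rejections per peer, which gives a detection signal for a misbehaving federated server.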
AI Quick Actions (instant insights powered by AI)
Executive Summary

This vulnerability exists in Mattermost Plugins versions up to 1.1.5, where the software fails to properly sanitize filenames received from federated peers before using them to create export destination paths.

Because of this, an administrator of a remote federated Mattermost server can exploit this flaw by sending a malicious filename through the shared-channel attachment sync protocol.

This allows the attacker to write files to arbitrary locations within the target server's filestore.

Impact Analysis

The vulnerability can have severe impacts because it allows an attacker with administrative access on a federated Mattermost server to write files anywhere within the target server's filestore.

This can lead to complete compromise of the target system's confidentiality, integrity, and availability.

  • Confidentiality impact: The attacker can potentially overwrite or add files, exposing sensitive data.
  • Integrity impact: The attacker can modify or replace files, potentially injecting malicious code or corrupting data.
  • Availability impact: The attacker could disrupt normal operations by overwriting critical files.
Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Mattermost Plugins to a version later than 1.1.5 where the filename sanitization issue has been fixed.

Since the vulnerability allows an administrator of a remote federated Mattermost server to write files to arbitrary locations, limiting or disabling federation with untrusted servers until the update is applied can reduce risk.
