CyberRota
← Ana sayfaya dön

CVE-2026-6046

MEDIUM · CVSS 5.3 EPSS %0.19

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-12T17:16:26.957 · Çekilme zamanı: 2026-06-30T18:20:27.653267+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-6046
Severity
MEDIUM
CVSS
5.3
EPSS
%0.19

Orijinal NVD Açıklaması

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels by pre-registering a user account with a predictable plugin bot username.. Mattermost Advisory ID: MMSA-2026-00649