In Appsmith versions prior to 1.98 a medium severity vulnerability CVE-2026-34411 was detected. This vulnerability allows unauthenticated attackers to access sensitive instance management API endpoints, such as `/api/v1/consolidated-api/view` and `/api/v1/tenants/current`, to retrieve configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains, which can be used for reconnaissance and targeted attacks. To address this issue, users should upgrade Appsmith to version 1.98 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34411.
Read more Application Development
In Dolibarr versions 22.0.4 and prior a medium severity vulnerability CVE-2026-34036 was detected. This vulnerability allows an authenticated user with no specific privileges to read arbitrary non-PHP files on the server (e.g., .env, .htaccess, configuration backups, logs) by exploiting a Local File Inclusion (LFI) flaw in the `/core/ajax/selectobject.php` endpoint via the `objectdesc` parameter and a fail-open logic in the `restrictedArea()` access control function. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34036.
Read more ERP
In Mattermost versions 11.3.x (≤ 11.3.0), 11.2.x (≤ 11.2.2), and 10.11.x (≤ 10.11.10) a medium severity vulnerability CVE-2026-2463 was detected. This vulnerability allows regular users to bypass access control restrictions and register unauthorized accounts using leaked invite IDs, due to improper filtering of invite identifiers based on user permissions. To address this issue, users should upgrade Mattermost to versions 11.4.0, 11.3.1, 11.2.3 or 10.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2463.
Read more Communication
In Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x <= 10.11.10 a medium severity vulnerability CVE-2026-2462 was detected. This vulnerability allows unauthenticated attackers to achieve remote code execution (RCE) and exfiltrate sensitive configuration data, including AWS and SMTP credentials, by uploading a malicious plugin on CI test instances with default admin credentials. To address this issue, users should upgrade Mattermost to versions 11.4.0, 11.3.1, 11.2.3 or 10.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2462.
Read more Communication
In Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x <= 10.11.10 a medium severity vulnerability CVE-2026-2458 was detected. This vulnerability allows removed team members to enumerate public channels within a private team via the channel search API endpoint due to improper validation of team membership. To address this issue, users should upgrade Mattermost to versions 11.4.0, 11.3.1, 11.2.3 or 10.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2458.
Read more Communication
In Mattermost versions 11.3.x (≤ 11.3.0) a medium severity vulnerability CVE-2026-2578 was detected. This vulnerability allows channel members to access unrevealed burn-on-read message contents via a WebSocket post deletion event, due to failure to preserve the redacted state of messages during deletion. To address this issue, users should upgrade Mattermost to versions 11.4.0 or 11.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2578.
Read more Communication
In Mattermost versions 11.3.x (≤ 11.3.0), 11.2.x (≤ 11.2.2), and 10.11.x (≤ 10.11.10) a medium severity vulnerability CVE-2026-4265 was detected. This vulnerability allows guest users to upload files in channels across teams where they lack permissions by reusing file metadata from authorized uploads, due to improper validation of team-specific upload_file permissions. To address this issue, users should upgrade Mattermost to versions 11.4.0, 11.3.1, 11.2.3 or 10.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4265.
Read more Communication
In Mattermost versions 11.3.x (≤ 11.3.0), 11.2.x (≤ 11.2.2), and 10.11.x (≤ 10.11.10) a medium severity vulnerability CVE-2026-24692 was detected. This vulnerability allows guest users without read permissions to access posts and files in channels via the search API due to improper enforcement of access controls. To address this issue, users should upgrade Mattermost to versions 11.4.0, 11.3.1, 11.2.3 or 10.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24692.
Read more Communication
In Mattermost versions 11.3.x (≤ 11.3.0), 11.2.x (≤ 11.2.2), and 10.11.x (≤ 10.11.10) a high severity vulnerability CVE-2026-24458 was detected. This vulnerability allows an attacker to cause denial of service by submitting login attempts with multi-megabyte passwords, leading to excessive CPU and memory consumption due to improper input handling. To address this issue, users should upgrade Mattermost to versions 11.4.0, 11.3.1, 11.2.3 or 10.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24458.
Read more Communication