In Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x <= 10.11.10, a medium-severity vulnerability, CVE-2026-25780, was detected. This vulnerability allows authenticated attackers to cause server memory exhaustion and denial of service (DoS) by uploading a specially crafted DOC file, due to unbounded memory allocation during file processing. To address this issue, users should upgrade Mattermost to version 11.4.0, 11.3.1, 11.2.3 or 10.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25780.
In Kanboard versions prior to 1.2.51, a high-severity vulnerability, CVE-2026-29056, was detected. This vulnerability allows an attacker who receives a user invite link to inject `role=app-admin` during registration, creating an administrator account and escalating privileges. To address this issue, users should upgrade Kanboard to version 1.2.51. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29056.
In Kibana, all versions from 8.0.0 up to and including 8.19.12, all versions from 9.0.0 up to and including 9.2.6, and all versions from 9.3.0 up to and including 9.3.1, a medium-severity vulnerability, CVE-2026-26940, was detected. This vulnerability allows an authenticated user to send a specially crafted Timelion expression with an excessively large quantity value, causing internal series data properties to be overwritten and resulting in a denial of service via excessive resource allocation. To address this issue, users should upgrade Kibana to version 8.19.13, 9.2.7 or 9.3.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26940.
In Kibana, all versions from 8.0.0 up to and including 8.19.11, all versions from 9.0.0 up to and including 9.2.5, and version 9.3.0, a high-severity vulnerability, CVE-2026-26939, was detected. This vulnerability allows an authenticated attacker with rule management privileges to bypass server-side authorization in the Detection Rule Management system, enabling unauthorized configuration of endpoint response actions such as host isolation, process termination, and process suspension. To address this issue, users should upgrade Kibana to version 8.19.12, 9.2.6 or 9.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26939.
In Mattermost Plugins versions 2.0.3.0 and earlier, a medium-severity vulnerability, CVE-2026-2476, was detected. This vulnerability allows an attacker with access to support packets to obtain the original plugin settings, because sensitive configuration values are not properly masked in exported configuration data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2476.
In Mattermost Plugins versions 11.3, 11.0.3, 11.2.2, and 10.10.11.0 and earlier, a medium-severity vulnerability, CVE-2026-2461, was detected. This vulnerability allows an authorized attacker with editor permissions to modify comments created by other board members, due to missing authorization checks on comment block modifications. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2461.
In Mattermost versions 11.3.x (≤ 11.3.0) and 11.2.x (≤ 11.2.2), a medium-severity vulnerability, CVE-2026-26304, was detected. This vulnerability allows team members to create unauthorized playbook runs via the playbook run API, due to missing verification of the `run_create` permission for an empty `playbookId`. To address this issue, users should upgrade Mattermost Server to version 11.3.1 or later (for the 11.3.x branch) or version 11.2.3 or later (for the 11.2.x branch). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26304.
In Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a medium-severity vulnerability, CVE-2026-27454, was detected. This vulnerability allows attackers to bypass authorization checks and access hidden post revisions by requesting specific version parameters on the /posts/:id.json endpoint. To address this issue, users should upgrade Discourse to version 2026.3.0-latest.1, 2026.2.1 or 2026.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27454.
In Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a medium-severity vulnerability, CVE-2026-27166, was detected. This vulnerability allows attackers to perform HTML injection by exploiting insufficient sanitization of the default Codepen allowed iframes, potentially tricking users into changing the main page URL. To address this issue, users should upgrade Discourse to version 2026.3.0-latest.1, 2026.2.1 or 2026.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27166.