CVE-2026-3495

Source
https://cve.org/CVERecord?id=CVE-2026-3495
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3495.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3495
Aliases
Published
2026-05-18T06:58:29.673Z
Modified
2026-07-08T08:12:26.986948784Z
Severity
  • 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Unescaped variables during error page composition
Details

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "11.5.0"
                },
                {
                    "last_affected": "11.5.1"
                },
                {
                    "introduced": "10.11.0"
                },
                {
                    "last_affected": "10.11.13"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3495.json",
    "cna_assigner": "Mattermost",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "10.11.0"
        },
        {
            "fixed": "10.11.14"
        },
        {
            "introduced": "11.5.0"
        },
        {
            "fixed": "11.5.2"
        }
    ]
}

Affected versions

@mattermost/client@10.*
@mattermost/client@10.11.0
@mattermost/types@10.*
@mattermost/types@10.11.0
mattermost-redux@10.*
mattermost-redux@10.11.0
v10.*
v10.11.0
v10.11.0-rc3
v10.11.1
v10.11.1-rc1
v10.11.10
v10.11.11
v10.11.11-rc1
v10.11.11-rc2
v10.11.12
v10.11.13
v10.11.13-rc1
v10.11.14-rc1
v10.11.2
v10.11.2-rc1
v10.11.2-rc2
v10.11.3
v10.11.4
v10.11.4-rc1
v10.11.4-rc2
v10.11.4-rc3
v10.11.5
v10.11.6
v10.11.7
v10.11.8
v10.11.9
v10.11.9-rc1
v11.*
v11.5.0
v11.5.1
v11.5.2-rc1
v11.5.2-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3495.json"