VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/mattermost/mattermost/server/v8

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-28741 medium 5.5 1mo ago Mattermost doesn't validate CSRF tokens on an authentication endpoint golang
CVE-2026-3590 medium 5.5 1mo ago Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement golang