
CVE-2026-7387 — Mattermost group syncable endpoints allow privilege escalation via scheme_admin

CVSS 8.8 (High) · EPSS 0.03% · P10

Possible ATT&CK Techniques (AI-suggested)

T1078 · Valid Accounts

Affected Version Matrix

Vendor      Product     Version Range            Status
Mattermost  Mattermost  11.6.0 through 11.6.1    affected
Mattermost  Mattermost  11.5.0 through 11.5.4    affected
Mattermost  Mattermost  10.11.0 through 10.11.15 affected
Mattermost  Mattermost  10.11.0 through 10.11.16 affected
Mattermost  Mattermost  11.7.0                   unaffected
Mattermost  Mattermost  11.6.2                   unaffected
Mattermost  Mattermost  11.5.5                   unaffected
Mattermost  Mattermost  10.11.16                 unaffected
… +1 more rows

I. Basic Information for CVE-2026-7387

Vulnerability Information


Vulnerability Title
Mattermost group syncable endpoints allow privilege escalation via scheme_admin
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, and 10.11.x <= 10.11.16 fail to require role-management authorization when setting the scheme_admin flag on the group syncable link and patch endpoints. This allows a user who holds group-link permissions to escalate themselves and group members to team or channel admin via crafted API requests. Mattermost Advisory ID: MMSA-2026-00665
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Incorrect Authorization
Source: NVD (National Vulnerability Database)

Affected Products

Vendor      Product     Affected Versions   CPE
Mattermost  Mattermost  11.6.0 ~ 11.6.1     -

II. Public POCs for CVE-2026-7387

No public POC found.

III. Intelligence Information for CVE-2026-7387


Same Patch Batch · Mattermost · 2026-06-12 · 7 CVEs total

CVE-2026-6961 · 7.6 HIGH · Path traversal via unsanitized FileInfo.Name in Mattermost federation sync
CVE-2026-6739 · 6.7 MEDIUM · Mattermost: Delegated admins could patch protected default system roles
CVE-2026-7184 · 6.5 MEDIUM · Mattermost Remote Cluster PATCH API leaks authentication tokens
CVE-2026-6046 · 5.3 MEDIUM · Plugin bot username conflict allows user account to be used as bot identity in Mattermost
CVE-2026-6689 · 4.3 MEDIUM · Missing invite_user permission check on team creation allows unprivileged users to
CVE-2026-3433 · 4.3 MEDIUM · Mattermost fails to scope role_updated websocket events to authorized team and channel mem

IV. Related Vulnerabilities
