Bug 2448235 (CVE-2026-26230)
| Summary: | CVE-2026-26230 github.com/mattermost/mattermost-server: Team Admin Privilege Escalation to Demote Members to Guest | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A permissions validation flaw has been discovered in mattermost server. Affected versions fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2448250, 2448251 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-16 21:02:05 UTC
|