Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-10103

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 4.1%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-10103


Contact Us

Shodan ® - All rights reserved