Mattermost: >> Mattermost Desktop >> 5.13.3 Security Vulnerabilities
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596
CVSS Score
4.6
EPSS Score
0.0
Published
2026-03-02
Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.
CVSS Score
3.9
EPSS Score
0.0
Published
2025-12-17
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-12-17