{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:31:09.808","vulnerabilities":[{"cve":{"id":"CVE-2024-41926","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2024-08-01T15:15:13.900","lastModified":"2024-09-04T16:55:35.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote."},{"lang":"es","value":" Las versiones 9.9.x &lt;= 9.9.0 y 9.5.x &lt;= 9.5.6 de Mattermost no validan el origen de los mensajes de sincronización y solo permiten las ID remotas correctas, lo que permite que un control remoto malicioso establezca valores RemoteId arbitrarios para usuarios sincronizados y, por lo tanto, afirmar que un usuario se sincronizó desde otro control remoto."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.5.0","versionEndExcluding":"9.5.7","matchCriteriaId":"CBEB8F40-C2DE-4E6F-8772-1BBCA44795A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*","matchCriteriaId":"4BE71910-C7C4-4F33-BFD4-40D2EAA56DB1"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}