{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T16:58:22.089","vulnerabilities":[{"cve":{"id":"CVE-2026-4274","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-03-26T11:16:21.257","lastModified":"2026-03-26T18:48:39.737","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574"},{"lang":"es","value":"Versiones de Mattermost 11.2.x hasta 11.2.2, 10.11.x hasta 10.11.10, 11.4.x hasta 11.4.0, 11.3.x hasta 11.3.1 no restringen el acceso a nivel de equipo al procesar la sincronización de membresía desde un clúster remoto, lo que permite a un clúster remoto malicioso otorgar a un usuario acceso a un equipo privado completo en lugar de solo al canal compartido mediante el envío de mensajes de sincronización de membresía manipulados que desencadenan la asignación de membresía de equipo. ID de Aviso de Mattermost: MMSA-2026-00574"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.11","matchCriteriaId":"B6E5F368-358C-429B-8F04-3C8DF4A71A91"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.3","matchCriteriaId":"7F64C167-943D-4F3F-9374-BCC8DECB3881"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"11.3.2","matchCriteriaId":"805ECFFC-82FD-4754-AF95-32167E1D41CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.4.0","versionEndExcluding":"11.4.1","matchCriteriaId":"839BC7B7-28DF-4125-937A-8B0D2D6893C2"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}