CVE-2026-3112
Arbitrary File Read via Advanced Logging Support Packet
CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
0th
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562
| CWE | CWE-22 |
| Vendor | mattermost |
| Product | mattermost |
| Published | Mar 26, 2026 |
| Last Updated | Mar 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for mattermost mattermost
Be the first to know when new medium vulnerabilities affecting mattermost mattermost are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Mattermost / Mattermost
11.4.0 โค 11.4.0 11.3.0 โค 11.3.1 11.2.0 โค 11.2.3 10.11.0 โค 10.11.11
References
Credits
mufeedvh