CVE-2026-13426

Name: CVE-2026-13426
Creator: NVD / NIST
Published: 2026-06-26T14:17:03.273+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.4/10

Last modified Jun 26, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Weakness Enumeration

CWE-22

References

https://mattermost.com/security-updates

Timeline

Published: Jun 26, 2026
Last Modified: Jun 26, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-13426?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST