GHSA-72v2-v53v-4qmmMediumCVSS 5.4

The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail...

Published
June 26, 2026
Last Modified
June 26, 2026

🔗 CVE IDs covered (1)

📋 Description

The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532

🔗 References (3)