What is GHSA-hw87-6jcq-9f8q?

GHSA-hw87-6jcq-9f8q is a security advisory published by GitHub Security Advisories with Low severity. Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13 fail to enforce the PostEditTimeLimit...

Which CVE IDs does GHSA-hw87-6jcq-9f8q cover?

GHSA-hw87-6jcq-9f8q covers the following CVE IDs: CVE-2026-4053. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-hw87-6jcq-9f8q?

GHSA-hw87-6jcq-9f8q has a CVSS v3 base score of 3.1, published by GitHub Security Advisories.

GHSA-hw87-6jcq-9f8qLowCVSS 3.1

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2026-4053 →

📋 Description

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints.. Mattermost Advisory ID: MMSA-2026-00631

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-4053
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-hw87-6jcq-9f8q