What is GHSA-v549-xx3c-6pc8?

GHSA-v549-xx3c-6pc8 is a security advisory published by GitHub Security Advisories with Medium severity. Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13, 11.4.x \u003c= 11.4.3 fail to check the...

Which CVE IDs does GHSA-v549-xx3c-6pc8 cover?

GHSA-v549-xx3c-6pc8 covers the following CVE IDs: CVE-2026-3637. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-v549-xx3c-6pc8?

GHSA-v549-xx3c-6pc8 has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-v549-xx3c-6pc8MediumCVSS 4.3

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the...

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-3637 →

📋 Description

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and patch endpoints.. Mattermost Advisory ID: MMSA-2026-00627

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-3637
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-v549-xx3c-6pc8