CVE-2026-6517

Published: Giu 15, 2026 Last Modified: Giu 15, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,3

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that routes to an external web server. Mattermost Advisory ID: MMSA-2026-00651

522

Insufficiently Protected Credentials

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: Not Technology-Specific, Web Based, ICS/OT

View CWE Details

https://mattermost.com/security-updates

CVE-2026-6517

Description

Insufficiently Protected Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter