Nixpkgs security tracker

Untriaged

Permalink CVE-2026-2457

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

WebSocket Message Spoofing via Permalink Embed Manipulation

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID: MMSA-2025-00569

References

MMSA-2025-00569 vendor-advisory

Affected products

Mattermost

==11.3.1
=<10.11.10
=<11.2.2
==11.2.3
==10.11.11
=<11.3.0
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-2578

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts

Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579

References

MMSA-2026-00579 vendor-advisory

Affected products

Mattermost

=<11.3.0
==11.3.1
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-2462

6.6 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Admin RCE via Malicious Plugin Upload on CI Test Instances

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and SMTP credentials via uploading a malicious plugin after changing the import directory. Mattermost Advisory ID: MMSA-2025-00528

References

MMSA-2025-00528 vendor-advisory

Affected products

Mattermost

==11.3.1
=<10.11.10
=<11.2.2
==11.2.3
==10.11.11
=<11.3.0
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-2455

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

SSRF bypass via IPv4-mapped IPv6 literals

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]).. Mattermost Advisory ID: MMSA-2026-00585

References

MMSA-2026-00585 vendor-advisory

Affected products

Mattermost

==11.3.1
=<10.11.10
=<11.2.2
==11.2.3
==10.11.11
=<11.3.0
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-22545

3.1 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Password Change Bypass via Auth Switch Endpoint

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583

References

MMSA-2026-00583 vendor-advisory

Affected products

Mattermost

=<10.11.10
==10.11.11
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-2476

7.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

MS Teams plugin sensitive config values not properly masked in support packets

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

References

MMSA-2026-00606 vendor-advisory

Affected products

Mattermost

=<2.0.3
==2.3.1.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-26304

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Permission Bypass in Playbook Run Creation

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542

References

MMSA-2025-00542 vendor-advisory

Affected products

Mattermost

==11.3.1
=<11.2.2
==11.2.3
=<11.3.0
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-2458

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Unauthorized channel enumeration in private teams after member removal

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID: MMSA-2025-00568

References

MMSA-2025-00568 vendor-advisory

Affected products

Mattermost

==11.3.1
=<10.11.10
=<11.2.2
==11.2.3
==10.11.11
=<11.3.0
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-26246

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Memory Exhaustion via Malformed PSD File Upload

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory ID: MMSA-2026-00572

References

MMSA-2026-00572 vendor-advisory

Affected products

Mattermost

==11.3.1
=<10.11.10
=<11.2.2
==11.2.3
==10.11.11
=<11.3.0
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Untriaged

Permalink CVE-2026-26230

3.8 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Team Admin Privilege Escalation to Demote Members to Guest

Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531

References

MMSA-2025-00531 vendor-advisory

Affected products

Mattermost

=<10.11.10
==10.11.11
==11.4.0

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver