CVE-2019-20861 — CVSS 8.8 (high): An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
CVE-2026-1046 — CVSS 7.6 (high): Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute…
CVE-2020-14456 — CVSS 7.3 (high): An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for…
CVE-2026-8683 — CVSS 6.5 (medium): Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App…
CVE-2020-14455 — CVSS 6.5 (medium): An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing…
CVE-2026-3471 — CVSS 6.5 (medium): Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost…
CVE-2026-6517 — CVSS 6.3 (medium): Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in…
CVE-2025-55035 — CVSS 6.1 (medium): Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses…
CVE-2020-14454 — CVSS 6.1 (medium): An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server…
CVE-2023-2000 — CVSS 5.4 (medium): Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVE-2024-39613 — CVSS 5.3 (medium): Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who…
CVE-2018-21265 — CVSS 5.3 (medium): An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g…
CVE-2023-5339 — CVSS 4.7 (medium): Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes…
CVE-2024-37182 — CVSS 4.7 (medium): Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker…
CVE-2026-1628 — CVSS 4.6 (medium): Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which…
CVE-2025-13326 — CVSS 3.9 (low): Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store…
CVE-2024-36287 — CVSS 3.8 (low): Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVE-2023-5875 — CVSS 3.7 (low): Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media…
CVE-2024-39772 — CVSS 3.7 (low): Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture…
CVE-2025-58084 — CVSS 3.5 (low): Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a…
CVE-2026-4643 — CVSS 3.5 (low): Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in…
CVE-2025-1398 — CVSS 3.3 (low): Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to…
CVE-2025-13321 — CVSS 3.3 (low): Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which…
CVE-2023-5876 — CVSS 3.1 (low): Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to…
CVE-2023-5920 — CVSS 2.9 (low): Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to…
CVE-2024-45835 — CVSS 2.5 (low): Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies…