Mattermost Mattermost Mobile — known CVE vulnerabilities
Every CVE whose affected-product data names Mattermost Mattermost Mobile, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2020-14451 — CVSS 7.5 (high): An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain…
CVE-2019-20848 — CVSS 7.5 (high): An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies.
CVE-2019-20852 — CVSS 7.5 (high): An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server…
CVE-2020-14449 — CVSS 7.5 (high): An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers…
CVE-2025-1558 — CVSS 6.5 (medium): Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the…
CVE-2025-20036 — CVSS 6.5 (medium): Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash…
CVE-2025-21083 — CVSS 6.5 (medium): Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash…
CVE-2025-20630 — CVSS 6.5 (medium): Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which…
CVE-2025-20072 — CVSS 6.5 (medium): Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments…
CVE-2025-59480 — CVSS 6.1 (medium): Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a…
CVE-2024-11358 — CVSS 5.7 (medium): Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to…
CVE-2019-20849 — CVSS 5.3 (medium): An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
CVE-2019-20850 — CVSS 5.3 (medium): An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
CVE-2024-45833 — CVSS 4.5 (medium): Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is…
CVE-2025-0476 — CVSS 4.3 (medium): Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the…
CVE-2024-39767 — CVSS 4.2 (medium): Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve…
CVE-2024-24975 — CVSS 3.5 (low): Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be…
CVE-2024-3872 — CVSS 3.1 (low): Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which…
CVE-2024-32945 — CVSS 2.6 (low): Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to…
CVE-2025-30516 — CVSS 2.0 (low): Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity)…