NVD HIGH: CVE-2026-3473 — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11....

Friday, May 22, 2026 at 11:16 AM UTC·Source: NIST NVD

Updated: Wednesday, May 27, 2026 at 05:00 PM UTC

Executive Summary

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs.. Mattermost Advisory ID: MMSA-2026-00620

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-3473

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 22, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Parents Sue Minnesota Hospital to Enforce HIPAA Right of Access for Minor Child’s Medical Records

The parents of a 15-year-old child have filed a lawsuit against a Minnesota hospital for failing to provide them with […] The post Parents Sue Minnesota Hospital to Enforce HIPAA Right of Access for Minor Child’s Medical Records appeared first on The HIPAA Journal .

35m agoHIPAA Journal

MEDIUMVulnerabilityNEW

Infosecurity Europe: NCSC Urges Immediate Action to Boost Resilience as Uncertainty Persists

NCSC director of operations, Paul Chichester, says it’s time to future-proof cybersecurity today

55m agoInfosecurity Magazine

MEDIUMVulnerability

XTrasfer and BBVA team i cross-border payments

XTransfer, the world’s leading B2B cross-border trade payment platform, and BBVA, a global financial group, have signed a Memorandum of Understanding (MOU) during Money20/20 Europe 2026 in Amsterdam to deepen cross-border payment infrastructure across Latin America and Europe.

1h agoFinextra