CVE-2026-3636 Detail

Source: Nvd.Nist

Published:

<p>Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data team members roles via invoking various team API endpoint

Read original article