V
Scaner-VS
vulnerability catalog · v4.2
Home
Catalog
References
Reference catalogs
Sources
Upstream vulnerability databases
CWE
Common Weakness Enumeration
CAPEC
Attack pattern catalog
ATT&CK
Adversary tactics & techniques
Mitigations
ATT&CK Mitigations (M-codes)
Products
Affected products & software
Vendors
Vendors & manufacturers
Docs
EN
RU
Home
Catalog
Sources
CWE
CAPEC
ATT&CK
Mitigations
Products
Vendors
Docs
← Back to List
Mattermost
›
Application
nvd
Legal Hold
Vulnerabilities
1
Known exploited
0
Max CVSS
4.9
Top EPSS
0.0029
Severity breakdown
Critical
0
High
0
Medium
1
Low
0
Affected version ranges
≤ 1.1.5
Also matched as (raw):
legal_hold
Top vulnerabilities
CVE-2026-6957
Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via a malicious filename delivered through the shared-channel attachment sync protocol. Mattermost Advisory ID: MMSA-2026-00659
View vendor →
Open in catalog with product filter →