CVE-2026-0997

4.3 MEDIUM

📋 TL;DR

This vulnerability allows any authenticated Mattermost user to modify Zoom meeting restrictions for any channel via API requests. Affected systems include Mattermost versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, 11.2.x up to 11.2.1, and Mattermost Plugin Zoom versions up to 1.11.0.

💻 Affected Systems

Products:
  • Mattermost
  • Mattermost Plugin Zoom
Versions: Mattermost: 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1; Mattermost Plugin Zoom: <=1.11.0
Operating Systems: All platforms running affected Mattermost versions
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Zoom plugin API endpoint handling. All default configurations with the Zoom plugin are affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious insider or compromised account could disrupt Zoom meeting functionality across all channels, potentially interfering with business communications and collaboration.

🟠

Likely Case

Unauthorized modification of Zoom meeting settings for specific channels, causing confusion or minor disruption to team communications.

🟢

If Mitigated

Limited impact with proper access controls and monitoring, as exploitation requires authenticated access.

🌐 Internet-Facing: MEDIUM - Exploitable if Mattermost instance is internet-accessible, but requires authenticated user access.
🏢 Internal Only: MEDIUM - Internal users with valid credentials can exploit this vulnerability to affect channel settings.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires sending crafted API requests to the vulnerable endpoint.

Exploitation requires authenticated access to Mattermost. The vulnerability is in authorization validation logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Mattermost: 11.1.3, 10.11.10, 11.2.2; Mattermost Plugin Zoom: 1.11.1

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Update Mattermost to a patched version: 11.1.3, 10.11.10, or 11.2.2.
2. Update Mattermost Plugin Zoom to version 1.11.1 or later.
3. Restart the Mattermost service after the updates.

🔧 Temporary Workarounds

Disable Zoom Plugin (applies to: all)

Temporarily disable the Zoom plugin to prevent exploitation of the vulnerable endpoint.

mmctl plugin disable zoom

Restrict API Access (applies to: all)

Implement network-level restrictions to limit access to the vulnerable API endpoint.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for unusual API requests to /plugins/zoom/api/v1/channel-preference
  • Disable the Zoom plugin entirely until patching is possible

🔍 How to Verify

Check if Vulnerable:

Check the Mattermost version in the web interface under Admin Console > System Console > About, or run: mmctl version

Check Version:

mmctl version

Verify Fix Applied:

Verify Mattermost version is 11.1.3, 10.11.10, 11.2.2 or later, and Zoom plugin is 1.11.1 or later.
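When checking many instances, the version comparison is easy to get wrong by hand (10.11.10 sorts after 10.11.9 numerically, not lexically). The following is an added example, not code from the advisory or from Mattermost: it encodes the affected ranges stated above and classifies a Mattermost server version and a Zoom plugin version. Release branches the advisory does not list are reported as "not-listed" rather than as safe. The version strings are assumed to be plain semantic versions such as those printed by mmctl version, optionally with a leading "v" or a pre-release suffix.

```python
"""Classify Mattermost and Zoom plugin versions against the CVE-2026-0997 ranges."""

# Affected branches as stated in the advisory:
#   (major, minor) -> (last vulnerable patch version, first fixed version)
MATTERMOST_BRANCHES = {
    (11, 1): ((11, 1, 2), (11, 1, 3)),
    (10, 11): ((10, 11, 9), (10, 11, 10)),
    (11, 2): ((11, 2, 1), (11, 2, 2)),
}
ZOOM_PLUGIN_LAST_VULNERABLE = (1, 11, 0)
ZOOM_PLUGIN_FIXED = (1, 11, 1)


def parse_version(text):
    """Turn '11.1.2', 'v11.1.2' or '11.1.2-rc1' into the tuple (11, 1, 2).

    Pre-release and build suffixes are dropped, which is conservative: an rc of a
    fixed release is compared as that release, so check such builds manually.
    """
    core = text.strip().lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def mattermost_status(version):
    """Return 'vulnerable', 'patched' or 'not-listed' for a Mattermost server version."""
    v = parse_version(version)
    branch = v[:2]
    if branch not in MATTERMOST_BRANCHES:
        # The advisory names only three branches; do not assume others are safe.
        return "not-listed"
    last_vulnerable, _first_fixed = MATTERMOST_BRANCHES[branch]
    return "vulnerable" if v <= last_vulnerable else "patched"


def zoom_plugin_status(version):
    """Return 'vulnerable' or 'patched' for a Mattermost Plugin Zoom version."""
    v = parse_version(version)
    return "vulnerable" if v <= ZOOM_PLUGIN_LAST_VULNERABLE else "patched"


def assess(mattermost_version, zoom_plugin_version):
    """Summarise both components; 'action_required' is True unless both are patched."""
    server = mattermost_status(mattermost_version)
    plugin = zoom_plugin_status(zoom_plugin_version)
    return {
        "mattermost": server,
        "zoom_plugin": plugin,
        "action_required": server != "patched" or plugin != "patched",
    }


if __name__ == "__main__":
    # Constructed sample inputs, e.g. copied from `mmctl version` and the plugin list.
    for server, plugin in [("11.1.2", "1.11.0"), ("v11.2.2", "1.11.1"), ("11.0.4", "1.10.2")]:
        print(server, plugin, assess(server, plugin))
```

The "not-listed" result is deliberate: a branch outside the three named ranges needs a look at the vendor advisory rather than an automatic pass.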

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /plugins/zoom/api/v1/channel-preference from non-admin users
  • Multiple failed authorization attempts for Zoom plugin endpoints

Network Indicators:

  • Unusual API traffic patterns to Zoom plugin endpoints
  • Requests to channel-preference endpoint from unexpected user accounts

SIEM Query:

source="mattermost" AND (uri_path="/plugins/zoom/api/v1/channel-preference" AND http_method="POST")
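The SIEM query above lists every POST to the endpoint; the log indicators narrow that to POSTs from non-admin accounts and to authorization failures. The following is an added example, not code from the advisory or from Mattermost, that applies those two indicators to access-log records and also counts per-user bursts. The log lines are constructed for the example and their JSON field names (user, roles, method, uri, status) are an assumption; map them to the schema your Mattermost deployment or reverse proxy actually emits. The roles value follows Mattermost's space-separated convention (for example "system_user system_admin").

```python
"""Flag channel-preference POSTs that match the advisory's log indicators."""
import json
from collections import Counter
from urllib.parse import urlsplit

# Endpoint named in the advisory's log indicators.
TARGET_PATH = "/plugins/zoom/api/v1/channel-preference"

# Constructed sample log, one JSON record per line; field names are an assumption.
SAMPLE_LOG = """\
{"ts":"2026-02-10T09:00:01Z","user":"alice","roles":"system_user system_admin","method":"POST","uri":"/plugins/zoom/api/v1/channel-preference","status":200}
{"ts":"2026-02-10T09:00:05Z","user":"bob","roles":"system_user","method":"POST","uri":"/plugins/zoom/api/v1/channel-preference?channel_id=c1","status":200}
{"ts":"2026-02-10T09:00:06Z","user":"bob","roles":"system_user","method":"POST","uri":"/plugins/zoom/api/v1/channel-preference?channel_id=c2","status":200}
{"ts":"2026-02-10T09:00:07Z","user":"bob","roles":"system_user","method":"POST","uri":"/plugins/zoom/api/v1/channel-preference?channel_id=c3","status":200}
{"ts":"2026-02-10T09:00:09Z","user":"carol","roles":"system_user","method":"GET","uri":"/plugins/zoom/api/v1/channel-preference?channel_id=c1","status":200}
this line is not JSON and is skipped
{"ts":"2026-02-10T09:00:12Z","user":"dave","roles":"system_user","method":"POST","uri":"/plugins/zoom/api/v1/channel-preference","status":403}
"""


def parse_record(line):
    """Return the JSON object for one log line, or None for lines that are not JSON objects."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    return rec if isinstance(rec, dict) else None


def is_target_post(rec):
    """True for POSTs whose path is the channel-preference endpoint (query string ignored)."""
    return rec.get("method") == "POST" and urlsplit(rec.get("uri", "")).path == TARGET_PATH


def is_admin(rec):
    """True when the record's roles string contains the system_admin role."""
    return "system_admin" in rec.get("roles", "").split()


def analyse(log_text, burst_threshold=3):
    """Return (alerts, bursts).

    alerts: one entry per matching record and indicator: a POST from a non-admin
            account, or a POST that was rejected with 401/403.
    bursts: users who sent at least burst_threshold POSTs in this log window.
    """
    alerts = []
    posts_per_user = Counter()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_record(line)
        if rec is None or not is_target_post(rec):
            continue
        user = rec.get("user", "<unknown>")
        status = rec.get("status")
        posts_per_user[user] += 1
        if not is_admin(rec):
            # On an unpatched server such a request may have succeeded (status 200).
            alerts.append({"line": lineno, "user": user, "status": status,
                           "reason": "non-admin POST"})
        if status in (401, 403):
            alerts.append({"line": lineno, "user": user, "status": status,
                           "reason": "authorization failure"})
    bursts = {u: n for u, n in posts_per_user.items() if n >= burst_threshold}
    return alerts, bursts


if __name__ == "__main__":
    found, repeat_offenders = analyse(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("bursts:", repeat_offenders)
```

A non-admin POST that returned 200 on a server still on an affected version is the record to follow up first, since it indicates the restriction was actually changed; repeated 403s from one account on a patched server are worth a look as probing.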
