CVE-2026-1628

4.6 MEDIUM

📋 TL;DR

A vulnerability in the Mattermost Desktop App allows a malicious Mattermost server to expose preload script functionality to untrusted external sites when a user clicks an external link. It affects all users of Mattermost Desktop App versions 5.13.3 and earlier who interact with a compromised or malicious Mattermost server.

💻 Affected Systems

Products:
  • Mattermost Desktop App
Versions: <= 5.13.3
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires user to click external links from a malicious Mattermost server.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious server could execute arbitrary code on the user's system through the exposed preload scripts, potentially leading to full system compromise.

🟠 Likely Case

A malicious server could steal sensitive data from the Mattermost app or the user's system through script injection.

🟢 If Mitigated

Limited data exposure from the Mattermost app context, without system-level access.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious server but exploit is straightforward once user clicks external link.
🏢 Internal Only: MEDIUM - Internal malicious servers could exploit this, but requires user to click external links from that server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (clicking external link) but the technical complexity is low once that occurs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.14.0 or later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Download Mattermost Desktop App version 5.14.0 or later from official sources.
2. Install the update.
3. Restart the application.
4. Verify that the version has been updated.

🔧 Temporary Workarounds

Disable External Link Opening (platforms: all)

Prevent Mattermost from opening external links automatically. No CLI commands; configure this in the Mattermost Desktop App settings.

Use Web Browser Version (platforms: all)

Use the Mattermost web interface instead of the desktop app.

🧯 If You Can't Patch

  • Train users to avoid clicking external links from untrusted Mattermost servers
  • Implement network controls to restrict access to potentially malicious external domains

🔍 How to Verify

Check if Vulnerable:

Check Mattermost Desktop App version in Help > About. If version is 5.13.3 or earlier, you are vulnerable.

Check Version:

On Windows: Check Help > About. On macOS: Mattermost > About Mattermost. On Linux: Help > About.

Verify Fix Applied:

Verify version is 5.14.0 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual external link navigation patterns
  • Multiple failed navigation attempts to external domains

Network Indicators:

  • Unexpected connections from Mattermost desktop app to external domains after clicking links

SIEM Query:

process.name:"Mattermost.exe" AND network.destination.domain:!mattermost.com AND network.destination.domain:!trusted-domains.com
