4.6

Mattermost Desktop App: Malicious Server Can Expose User Data

CVE-2026-1628
Summary

Mattermost Desktop App versions 5.13.3 and earlier do not attach the listeners that restrict navigation to external sites inside the app. When a user opens an external link from within their Mattermost server, a malicious server can use this gap to expose the app's preload script functionality to untrusted servers, which puts user data at risk. To fix this issue, update to version 5.13.4 or later.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mattermost | mattermost_desktop | <= 5.13.4 | – |
Original title
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functio...
Original description
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596
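The missing control described above is a set of navigation listeners on the view that carries the preload script. The sketch below shows what such listeners can look like in an Electron app; it is an added example, not Mattermost's code, and the function names, the `openExternally` callback and the sample hostnames in any usage are hypothetical.

```javascript
// Added example: isSameOrigin, isSafeExternal, restrictNavigation and
// openExternally are hypothetical names, not taken from Mattermost Desktop.

// True only when `target` parses and shares scheme, host and port with the
// configured server. Unparseable URLs and opaque origins count as external.
function isSameOrigin(serverUrl, target) {
  try {
    const server = new URL(serverUrl);
    const dest = new URL(target);
    return server.origin !== 'null' && dest.origin === server.origin;
  } catch {
    return false;
  }
}

// Only http(s) and mailto links are handed to the OS; file:, javascript:
// and custom protocol handlers are dropped.
function isSafeExternal(target) {
  try {
    return ['https:', 'http:', 'mailto:'].includes(new URL(target).protocol);
  } catch {
    return false;
  }
}

// `contents` is assumed to be the Electron WebContents of the server view.
// `openExternally` is a callback the caller wires to shell.openExternal.
function restrictNavigation(contents, serverUrl, openExternally) {
  const guard = (event, url) => {
    if (isSameOrigin(serverUrl, url)) return;      // stay inside the server
    event.preventDefault();                        // never load it in this view
    if (isSafeExternal(url)) openExternally(url);  // default browser instead
  };
  contents.on('will-navigate', guard);
  contents.on('will-redirect', guard);             // server-side redirects too
  // window.open / target=_blank: never create a child window that could
  // inherit the preload script; external targets go to the browser.
  contents.setWindowOpenHandler(({ url }) => {
    if (!isSameOrigin(serverUrl, url) && isSafeExternal(url)) openExternally(url);
    return { action: 'deny' };
  });
}
```

Comparing parsed origins rather than string prefixes is what rejects look-alike targets such as `https://chat.example.com.evil.test/` or `https://chat.example.com@evil.test/`.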
NVD CVSS 3.1 score: 4.6
Vulnerability type
CWE-829
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026