4.3
Mattermost Plugin Zoom: Unauthorized Access to Zoom Meeting Restrictions
CVE-2026-0997
GHSA-2phx-frhf-xr55
Summary
Mattermost Plugin Zoom, on Mattermost versions 10.11 and 11.1 and in all versions of the Zoom plugin up to 1.11, has a security flaw that allows any logged-in user to change Zoom meeting settings for any channel. This could lead to unexpected or unauthorized changes to meeting settings. To fix this issue, update the Mattermost Plugin Zoom to version 1.11.1 or later.
What to do
- Update github.com mattermost to version 1.11.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | mattermost | <= 1.11.0 | 1.11.0 |
| mattermost | mattermost_server | > 10.11.0 , <= 10.11.10 | – |
| mattermost | mattermost_server | > 11.1.0 , <= 11.1.3 | – |
| mattermost | mattermost_server | > 11.2.0 , <= 11.2.2 | – |
| mattermost | zoom | <= 1.11.0 | – |
Original title
Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels
Original description
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing `/plugins/zoom/api/v1/channel-preference`, which allows any logged-in user to change Zoom meeting restrictions for arbitrary channels via crafted API requests. Mattermost Advisory ID: MMSA-2025-00558
nvd CVSS3.1
4.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026