CVE-2026-22892

Summary

Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts in github.com/mattermost/mattermost-server

Severity

medium

EPSS

0.2% (p15)

Also known as

GHSA-9pj7-jh2r-87g8, GO-2026-4496

Published

2026-02-23

References

• https://github.com/advisories/GHSA-9pj7-jh2r-87g8
• https://nvd.nist.gov/vuln/detail/CVE-2026-22892
• https://mattermost.com/security-updates

Related advisories

• CVE-2026-6346 — high · Go/github.com/mattermost/mattermost-server
• CVE-2026-6347 — high · Go/github.com/mattermost/mattermost-server
• CVE-2026-6339 — medium · Go/github.com/mattermost/mattermost-server
• CVE-2026-5163 — medium · Go/github.com/mattermost/mattermost-server
• CVE-2026-28732 — medium · Go/github.com/mattermost/mattermost-server
• CVE-2026-6345 — medium · Go/github.com/mattermost/mattermost-server
• CVE-2026-6340 — medium · Go/github.com/mattermost/mattermost-server
• CVE-2026-3637 — medium · Go/github.com/mattermost/mattermost-server

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity