Mattermost Desktop

By the Year

In 2026 there has been 1 vulnerability in Mattermost Desktop, with an average score of 7.6 out of ten. Last year, in 2025, Mattermost Desktop had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Mattermost Desktop in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also greater, by 4.00.




| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 1 | 7.60 |
| 2025 | 2 | 3.60 |
| 2024 | 5 | 5.80 |
| 2023 | 4 | 5.38 |

It may take a day or so for new Mattermost Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Mattermost Desktop Security Vulnerabilities

Mattermost Desktop App <=6.0 Help Link RCE CVE-2026-1046 via Malicious Server
CVE-2026-1046 7.6 - High - February 16, 2026

Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links, which allows a malicious Mattermost server to execute arbitrary executables on a user's system when the user clicks on certain items in the Help menu. Mattermost Advisory ID: MMSA-2026-00577

Improper Authorization in Handler for Custom URL Scheme

Mattermost <6.0.0 HR Disabled on MacAppStore TCC Inherit Attack
CVE-2025-13326 3.9 - Low - December 17, 2025

Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for the Mac App Store, which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.

Protection Mechanism Failure

Mattermost Desktop <6.0 Log Sanitization Bypass
CVE-2025-13321 3.3 - Low - December 17, 2025

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and to clear data on server deletion, which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs.

Insertion of Sensitive Information into Log File

Mattermost Desktop App <=5.8.0: Electron Fuses Misconfig Vulnerability
CVE-2024-45835 6.5 - Medium - September 16, 2024

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses, which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

Mattermost Desktop App <=5.8.0 JSCapture Snafu JavaScript Screen Shot Leak
CVE-2024-39772 5.3 - Medium - September 16, 2024

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality, which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

RCE via relative path in Mattermost Desktop App <=5.8.0 cmd.exe lookup
CVE-2024-39613 7.8 - High - September 16, 2024

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.

DLL preloading

Mattermost Desktop App <=5.7.0: Prompt Enables Remote Exec via Cust URI Schemes
CVE-2024-37182 6.1 - Medium - June 14, 2024

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs, which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.

TCC Bypass via Electron Debug Flags in Mattermost Desktop App <=5.7.0
CVE-2024-36287 3.3 - Low - June 14, 2024

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags, which allows for bypassing TCC restrictions on macOS.

Mattermost DoS via unvalidated RegExp in server URL path
CVE-2023-5876 5.3 - Medium - November 02, 2023

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.

Mattermost Desktop: Improper Permission Handling Allows Media Exploitation
CVE-2023-5875 5.3 - Medium - November 02, 2023

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones, allowing media exploitation from a malicious Mattermost server.

Mattermost Desktop Log Level Issue Exposes Keystrokes
CVE-2023-5339 5.5 - Medium - October 17, 2023

Mattermost Desktop fails to set an appropriate log level during the initial run after a fresh installation, resulting in all keystrokes, including password entry, being logged.

Insertion of Sensitive Information into Log File

Mattermost Desktop App Redirect Validation Bypass to Arbitrary Sites
CVE-2023-2000 5.4 - Medium - May 02, 2023

Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website.

Open Redirect
