Mattermost OAuth Code Redemption Identity Bypass in 10.11.13 & 11.5.1
CVE-2026-6334 Published on May 18, 2026
OAuth authorization code client binding not enforced during token redemption in Mattermost
Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow, which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.
Mattermost Advisory ID: MMSA-2026-00570
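The flaw class is easiest to see in a token endpoint side by side with its hardened form. The following is an added illustration written for this page, not Mattermost's code, and it does not reproduce the actual fix; the types, store layout and names (`redeemUnbound`, `redeemBound`, `client-a`, `client-b`, `code123`) are hypothetical, and the sample clients and code are constructed inline. The check it adds is the one RFC 6749 §4.1.3 requires of a token endpoint: the authorization code must have been issued to the client that is now authenticating, and the redirect URI must match.

```go
package main

import (
	"errors"
	"fmt"
)

// AuthCode is an authorization code record as an authorization server would
// persist it when issuing the code. Field names are this example's own.
type AuthCode struct {
	ClientID    string // client the code was issued to
	UserID      string
	RedirectURI string
	Used        bool
}

// Client is a registered OAuth client and its secret (constructed data).
type Client struct {
	ID     string
	Secret string
}

// TokenRequest carries the parameters of a POST to the token endpoint.
type TokenRequest struct {
	ClientID     string
	ClientSecret string
	Code         string
	RedirectURI  string
}

// Server holds the in-memory state of the example.
type Server struct {
	clients map[string]Client
	codes   map[string]*AuthCode
}

var (
	ErrInvalidClient = errors.New("invalid_client")
	ErrInvalidGrant  = errors.New("invalid_grant")
)

// authenticateClient checks client credentials (client_secret_post style).
func (s *Server) authenticateClient(id, secret string) (*Client, error) {
	c, ok := s.clients[id]
	if !ok || c.Secret != secret {
		return nil, ErrInvalidClient
	}
	return &c, nil
}

// redeemUnbound shows the flaw class: the client is authenticated and the code
// is looked up, but nothing ties the two together, so a valid client B can
// redeem a code that was issued to client A.
func (s *Server) redeemUnbound(req TokenRequest) (string, error) {
	if _, err := s.authenticateClient(req.ClientID, req.ClientSecret); err != nil {
		return "", err
	}
	ac, ok := s.codes[req.Code]
	if !ok || ac.Used {
		return "", ErrInvalidGrant
	}
	ac.Used = true
	return fmt.Sprintf("token-for-%s", ac.UserID), nil
}

// redeemBound is the hardened form: the code's recorded client must equal the
// authenticated client and redirect_uri must match (RFC 6749 §4.1.3).
func (s *Server) redeemBound(req TokenRequest) (string, error) {
	client, err := s.authenticateClient(req.ClientID, req.ClientSecret)
	if err != nil {
		return "", err
	}
	ac, ok := s.codes[req.Code]
	if !ok || ac.Used {
		return "", ErrInvalidGrant
	}
	if ac.ClientID != client.ID || ac.RedirectURI != req.RedirectURI {
		// A mismatch is evidence of an attack: burn the code so a later
		// well-formed request cannot use it either.
		ac.Used = true
		return "", ErrInvalidGrant
	}
	ac.Used = true
	return fmt.Sprintf("token-for-%s", ac.UserID), nil
}

// newExampleServer builds constructed sample data: two clients and one code
// issued to client-a on behalf of user alice.
func newExampleServer() *Server {
	return &Server{
		clients: map[string]Client{
			"client-a": {ID: "client-a", Secret: "secret-a"},
			"client-b": {ID: "client-b", Secret: "secret-b"},
		},
		codes: map[string]*AuthCode{
			"code123": {ClientID: "client-a", UserID: "alice", RedirectURI: "https://a.example/cb"},
		},
	}
}

func main() {
	// client-b, authenticated with its own valid secret, presents client-a's code.
	cross := TokenRequest{ClientID: "client-b", ClientSecret: "secret-b", Code: "code123", RedirectURI: "https://b.example/cb"}
	tok, err := newExampleServer().redeemUnbound(cross)
	fmt.Println("unbound:", tok, err)
	tok, err = newExampleServer().redeemBound(cross)
	fmt.Println("bound:", tok, err)
}
```

The two handlers differ only in the comparison against `ac.ClientID`; client authentication alone is not enough, because the attacker in this scenario holds a perfectly valid client credential of its own. Burning the code on mismatch follows the RFC 6749 §4.1.2 recommendation for detected replay or misuse.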
Vulnerability Analysis
CVE-2026-6334 is exploitable with network access and requires user interaction and user-level privileges. The attack complexity is rated high. A successful exploit is assessed to have a low impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Products Associated with CVE-2026-6334
Affected Versions
Mattermost:
- Versions 11.5.0 through 11.5.1 are affected.
- Versions 10.11.0 through 10.11.13 are affected.
- Version 11.6.0 is unaffected.
- Version 11.5.2 is unaffected.
- Version 10.11.14 is unaffected.