[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-21386":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":31,"related":32,"reserved_at":9,"published_at":34,"modified_at":35,"state":36,"summary":37,"references_raw":46,"kevs":73,"epss":74,"epss_history":77,"metrics":320,"affected":330},"CVE-2026-21386","Mattermost versions 11.3.x \u003C= 11.3.0, 11.2.x \u003C= 11.2.2, 10.11.x \u003C= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-203","Observable Discrepancy","The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-189","Black Box Reverse Engineering",[],[],[25,26],"GHSA-5mr9-crcg-8wh2","GO-2026-4744",[],[29],{"_key":30},"SUSE-SU-2026:1135-1",[],[33],{"_key":30},"2026-03-16T14:51:43.263Z","2026-03-16T18:39:14.064Z","Analyzed",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":39,"epss_score":40,"severity":41,"severity_score":42,"severity_version":43,"severity_source":44,"severity_vector":45,"severity_status":36},false,"low",0.00043,"medium",4.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",[47,55,60,64,69],{"url":48,"sources":49,"tags":52},"https://mattermost.com/security-updates",[44,50,51],"nvd","osv_go",[53,54],"Vendor Advisory","WEB",{"url":56,"sources":57,"tags":58},"https://nvd.nist.gov/vuln/detail/CVE-2026-21386",[51],[59],"Advisory",{"url":61,"sources":62,"tags":63},"https://github.com/mattermost/mattermost/commit/5bb5261c72faa476558a694c23581d24b734da41",[51],[54],{"url":65,"sources":66,"tags":67},"https://github.com/mattermost/mattermost",[51],[68],"PACKAGE",{"url":70,"sources":71,"tags":72},"https://github.com/advisories/GHSA-5mr9-crcg-8wh2",[51],[59],[],{"date":75,"score":40,"percentile":76},"2026-06-05",0.13575,[78,82,85,89,92,95,99,102,105,108,111,114,117,120,123,126,129,132,135,138,141,144,146,149,152,154,157,160,163,166,169,172,176,179,182,185,188,191,194,197,200,203,206,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319],{"date":79,"score":80,"percentile":81},"2026-03-17",0.00027,0.07232,{"date":83,"score":80,"percentile":84},"2026-03-18",0.07229,{"date":86,"score":87,"percentile":88},"2026-03-19",0.00029,0.0778,{"date":90,"score":87,"percentile":91},"2026-03-20",0.0782,{"date":93,"score":87,"percentile":94},"2026-03-21",0.08043,{"date":96,"score":97,"percentile":98},"2026-03-22",0.00032,0.09211,{"date":100,"score":97,"percentile":101},"2026-03-23",0.09164,{"date":103,"score":97,"percentile":104},"2026-03-24",0.09147,{"date":106,"score":97,"percentile":107},"2026-03-25",0.09235,{"date":109,"score":97,"percentile":110},"2026-03-26",0.09314,{"date":112,"score":97,"percentile":113},"2026-03-27",0.09326,{"date":115,"score":97,"percentile":116},"2026-03-28",0.09346,{"date":118,"score":97,"percentile":119},"2026-03-29",0.09315,{"date":121,"score":97,"percentile":122},"2026-03-30",0.09288,{"date":124,"score":97,"percentile":125},"2026-03-31",0.09257,{"date":127,"score":97,"percentile":128},"2026-04-01",0.09244,{"date":130,"score":97,"percentile":131},"2026-04-02",0.09246,{"date":133,"score":97,"percentile":134},"2026-04-03",0.09258,{"date":136,"score":97,"percentile":137},"2026-04-04",0.09294,{"date":139,"score":97,"percentile":140},"2026-04-05",0.09285,{"date":142,"score":97,"percentile":143},"2026-04-06",0.0921,{"date":145,"score":97,"percentile":98},"2026-04-07",{"date":147,"score":97,"percentile":148},"2026-04-08",0.09286,{"date":150,"score":97,"percentile":151},"2026-04-09",0.0933,{"date":153,"score":97,"percentile":116},"2026-04-10",{"date":155,"score":97,"percentile":156},"2026-04-11",0.09341,{"date":158,"score":97,"percentile":159},"2026-04-12",0.09313,{"date":161,"score":97,"percentile":162},"2026-04-13",0.09299,{"date":164,"score":97,"percentile":165},"2026-04-14",0.09171,{"date":167,"score":97,"percentile":168},"2026-04-15",0.09188,{"date":170,"score":97,"percentile":171},"2026-04-16",0.09191,{"date":173,"score":174,"percentile":175},"2026-04-17",0.00037,0.10944,{"date":177,"score":174,"percentile":178},"2026-04-18",0.10945,{"date":180,"score":174,"percentile":181},"2026-04-19",0.10923,{"date":183,"score":174,"percentile":184},"2026-04-20",0.10907,{"date":186,"score":174,"percentile":187},"2026-04-21",0.11083,{"date":189,"score":174,"percentile":190},"2026-04-22",0.11132,{"date":192,"score":174,"percentile":193},"2026-04-23",0.11144,{"date":195,"score":174,"percentile":196},"2026-04-24",0.11031,{"date":198,"score":174,"percentile":199},"2026-04-25",0.11032,{"date":201,"score":174,"percentile":202},"2026-04-26",0.10985,{"date":204,"score":174,"percentile":205},"2026-04-27",0.10965,{"date":207,"score":174,"percentile":181},"2026-04-28",{"date":209,"score":174,"percentile":210},"2026-04-29",0.10919,{"date":212,"score":174,"percentile":213},"2026-04-30",0.10908,{"date":215,"score":174,"percentile":216},"2026-05-01",0.10884,{"date":218,"score":174,"percentile":219},"2026-05-02",0.10925,{"date":221,"score":174,"percentile":222},"2026-05-03",0.10904,{"date":224,"score":174,"percentile":225},"2026-05-04",0.10862,{"date":227,"score":174,"percentile":228},"2026-05-05",0.1086,{"date":230,"score":174,"percentile":231},"2026-05-06",0.10853,{"date":233,"score":174,"percentile":234},"2026-05-07",0.10996,{"date":236,"score":174,"percentile":237},"2026-05-08",0.11029,{"date":239,"score":174,"percentile":240},"2026-05-09",0.11067,{"date":242,"score":174,"percentile":243},"2026-05-10",0.1105,{"date":245,"score":174,"percentile":246},"2026-05-11",0.11033,{"date":248,"score":174,"percentile":249},"2026-05-12",0.11077,{"date":251,"score":174,"percentile":252},"2026-05-13",0.11095,{"date":254,"score":174,"percentile":255},"2026-05-14",0.11129,{"date":257,"score":174,"percentile":258},"2026-05-15",0.1113,{"date":260,"score":174,"percentile":261},"2026-05-16",0.11165,{"date":263,"score":174,"percentile":264},"2026-05-17",0.11142,{"date":266,"score":174,"percentile":267},"2026-05-18",0.11091,{"date":269,"score":174,"percentile":270},"2026-05-19",0.11053,{"date":272,"score":174,"percentile":273},"2026-05-20",0.11046,{"date":275,"score":174,"percentile":276},"2026-05-21",0.11028,{"date":278,"score":174,"percentile":279},"2026-05-22",0.11235,{"date":281,"score":40,"percentile":282},"2026-05-23",0.1333,{"date":284,"score":40,"percentile":285},"2026-05-24",0.13299,{"date":287,"score":40,"percentile":288},"2026-05-25",0.13286,{"date":290,"score":40,"percentile":291},"2026-05-26",0.13278,{"date":293,"score":40,"percentile":294},"2026-05-27",0.13371,{"date":296,"score":40,"percentile":297},"2026-05-28",0.13522,{"date":299,"score":40,"percentile":300},"2026-05-29",0.13584,{"date":302,"score":40,"percentile":303},"2026-05-30",0.13559,{"date":305,"score":40,"percentile":306},"2026-05-31",0.13534,{"date":308,"score":40,"percentile":309},"2026-06-01",0.13484,{"date":311,"score":40,"percentile":312},"2026-06-02",0.13486,{"date":314,"score":40,"percentile":315},"2026-06-03",0.13476,{"date":317,"score":40,"percentile":318},"2026-06-04",0.13494,{"date":75,"score":40,"percentile":76},[321,326,328],{"source":44,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":322,"cvss_v4_0":9},{"baseScore":42,"baseSeverity":323,"vectorString":45,"impactScore":324,"exploitabilityScore":325},"MEDIUM",2.3,7.2,{"source":50,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":327,"cvss_v4_0":9},{"baseScore":42,"baseSeverity":323,"vectorString":45,"impactScore":324,"exploitabilityScore":325},{"source":51,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":329,"cvss_v4_0":9},{"baseScore":42,"baseSeverity":9,"vectorString":45,"impactScore":324,"exploitabilityScore":325},[331,361,367,372,380,396],{"ecosystem":332,"name":333,"vendor":334,"product":335,"cpe_part":9,"purl_type":336,"purl_namespace":334,"purl_name":335,"source":9,"versions":337},"Go","github.com/mattermost/mattermost-server","github.com/mattermost","mattermost-server","golang",[338,346,349,353,357],{"version":339,"is_range":340,"range_type":341,"version_start":342,"version_start_type":343,"version_end":344,"version_end_type":345,"fixed_in":9},"gte11_3_0_rc1+incompatible_lt11_3_1+incompatible",true,"semver","11.3.0-rc1+incompatible","including","11.3.1+incompatible","excluding",{"version":347,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":348,"version_end_type":345,"fixed_in":9},"lt5_3_2_0_20260130144323_5bb5261c72fa","5.3.2-0.20260130144323-5bb5261c72fa",{"version":350,"is_range":340,"range_type":341,"version_start":351,"version_start_type":343,"version_end":352,"version_end_type":345,"fixed_in":9},"gte10_11_0_rc1_lt10_11_11","10.11.0-rc1","10.11.11",{"version":354,"is_range":340,"range_type":341,"version_start":355,"version_start_type":343,"version_end":356,"version_end_type":345,"fixed_in":9},"gte11_2_0_rc1_lt11_2_3","11.2.0-rc1","11.2.3",{"version":358,"is_range":340,"range_type":341,"version_start":359,"version_start_type":343,"version_end":360,"version_end_type":345,"fixed_in":9},"gte11_3_0_rc1_lt11_3_1","11.3.0-rc1","11.3.1",{"ecosystem":332,"name":362,"vendor":333,"product":363,"cpe_part":9,"purl_type":336,"purl_namespace":333,"purl_name":363,"source":9,"versions":364},"github.com/mattermost/mattermost-server/v5","v5",[365],{"version":366,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":332,"name":368,"vendor":333,"product":369,"cpe_part":9,"purl_type":336,"purl_namespace":333,"purl_name":369,"source":9,"versions":370},"github.com/mattermost/mattermost-server/v6","v6",[371],{"version":366,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":332,"name":373,"vendor":374,"product":375,"cpe_part":9,"purl_type":336,"purl_namespace":374,"purl_name":375,"source":9,"versions":376},"github.com/mattermost/mattermost/server/v8","github.com/mattermost/mattermost/server","v8",[377],{"version":378,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":379,"version_end_type":345,"fixed_in":9},"lt8_0_0_20260130144323_5bb5261c72fa","8.0.0-20260130144323-5bb5261c72fa",{"ecosystem":9,"name":381,"vendor":382,"product":382,"cpe_part":383,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":384},"Mattermost","mattermost","a",[385,388,392],{"version":386,"is_range":340,"range_type":44,"version_start":387,"version_start_type":343,"version_end":387,"version_end_type":343,"fixed_in":9},">= 11.3.0, \u003C= 11.3.0","11.3.0",{"version":389,"is_range":340,"range_type":44,"version_start":390,"version_start_type":343,"version_end":391,"version_end_type":343,"fixed_in":9},">= 11.2.0, \u003C= 11.2.2","11.2.0","11.2.2",{"version":393,"is_range":340,"range_type":44,"version_start":394,"version_start_type":343,"version_end":395,"version_end_type":343,"fixed_in":9},">= 10.11.0, \u003C= 10.11.10","10.11.0","10.11.10",{"ecosystem":9,"name":397,"vendor":382,"product":398,"cpe_part":383,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":399},"mattermost server","mattermost_server",[400,403,405],{"version":401,"is_range":340,"range_type":402,"version_start":394,"version_start_type":343,"version_end":352,"version_end_type":345,"fixed_in":9},"gte10.11.0_lt10.11.11","cpe",{"version":404,"is_range":340,"range_type":402,"version_start":390,"version_start_type":343,"version_end":356,"version_end_type":345,"fixed_in":9},"gte11.2.0_lt11.2.3",{"version":406,"is_range":340,"range_type":402,"version_start":387,"version_start_type":343,"version_end":360,"version_end_type":345,"fixed_in":9},"gte11.3.0_lt11.3.1"]