Mattermost Desktop

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-1628
< 5.13.4
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost a
4.6 MEDIUM
CVE-2026-1046
>= 5.13.2 and < 5.13.3
Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to exe
7.6 HIGH
CVE-2025-13326
< 6.0.0
Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App
3.9 LOW
CVE-2025-13321
< 6.0.0
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deleti
3.3 LOW
CVE-2025-55035
< 5.13.1.0
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that
6.1 MEDIUM
CVE-2025-58084
< 5.13.1.0
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacke
3.5 LOW
CVE-2025-1398
< 5.11.0
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote a
3.3 LOW
CVE-2024-45835
< 5.9.0
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium
2.5 LOW
CVE-2024-39772
< 5.9.0
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently captur
3.7 LOW
CVE-2024-39613
< 5.9.0
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local a
5.3 MEDIUM
CVE-2024-37182
<= 5.7.0
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote
4.7 MEDIUM
CVE-2024-36287
<= 5.7.0
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions
3.8 LOW
CVE-2023-5920
< 5.5.1
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other proces
2.9 LOW
CVE-2023-5876
< 5.5.1
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled serve
3.1 LOW
CVE-2023-5875
< 5.5.1
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media
3.7 LOW
CVE-2023-5339
<= 5.4.0
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all ke
4.7 MEDIUM
CVE-2023-2000
<= 5.2.2
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
5.4 MEDIUM
CVE-2016-11064
< 3.4.0
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
9.8 CRITICAL
CVE-2018-21265
< 4.0.0
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandl
5.3 MEDIUM
CVE-2019-20861
< 4.2.2
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
8.8 HIGH
CVE-2019-20856
< 4.3.0
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
9.8 CRITICAL
CVE-2020-14456
< 4.4.0
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisio
7.3 HIGH
CVE-2020-14455
< 4.4.0
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing ph
6.5 MEDIUM
CVE-2020-14454
< 4.4.0
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because se
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin