CVE-2026-6339

Same vendor

• CVE-2026-8683 — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App w... (6.5 MEDIUM)
• CVE-2026-6517 — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in ... (6.3 MEDIUM)
• CVE-2026-6957 — Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destin... (8.0 HIGH)
• CVE-2026-4915 — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing w... (6.5 MEDIUM)
• CVE-2026-4858 — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path trav... (8.0 HIGH)

Same CWE

• CVE-2026-12304 — Same-origin policy bypass in the Networking: Cookies component (9.1 CRITICAL)
• CVE-2026-47825 — Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios (8.6 HIGH)
• CVE-2026-9595 — Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g (5.3 MEDIUM)
• CVE-2026-11624 — The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent...
• CVE-2026-45173 — Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its...