Cyber Resilience

CVE-2026-1046

Severity: High
Published: 16 February 2026
Modified: 23 March 2026
KEV Added: not listed
CVSS v3.1 score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L)
EPSS score: 0.0004 (percentile 14.3)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-1046 is a high-severity Improper Authorization in Handler for Custom URL Scheme (CWE-939) vulnerability in Mattermost Desktop (vendor: Mattermost). Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at percentile 14.3 by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-1046 is a vulnerability in the Mattermost Desktop App affecting versions <=6.0, 6.2.0, and 5.2.13.0. The app fails to validate help links, so a malicious Mattermost server can cause arbitrary executables to run on a user's system when the user clicks certain items in the Help menu. Published on 2026-02-16, the issue is rated 7.6 on the CVSS v3.1 scale (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L) and is associated with CWE-939.

An attacker who controls a Mattermost server can exploit this vulnerability against users connected to that server. Exploitation requires low privileges (PR:L) on the server side, user interaction (UI:R) by clicking Help menu items, and occurs over the network (AV:N). Successful exploitation allows execution of arbitrary executables on the victim's system, potentially leading to high confidentiality impacts and low availability disruption, with a scope change due to the privileged execution context.

Mattermost Advisory ID MMSA-2026-00577 provides details on mitigation. Security practitioners should refer to https://mattermost.com/security-updates for patch information and remediation guidance.


Vulnerability details

Mattermost Desktop App versions <=6.0, 6.2.0, 5.2.13.0 fail to validate help links, which allows a malicious Mattermost server to execute arbitrary executables on a user's system via the user clicking on certain items in the Help menu. Mattermost Advisory ID:…

MMSA-2026-00577


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

A vulnerability in the desktop client lets a malicious server trigger execution of an arbitrary executable via the Help menu (with user interaction), which maps directly to the client-side exploitation and command-execution techniques above.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25274 (same vendor: Mattermost)
CVE-2025-24490 (same vendor: Mattermost)
CVE-2025-14273 (same vendor: Mattermost)
CVE-2025-20621 (same vendor: Mattermost)
CVE-2025-12421 (same vendor: Mattermost)
CVE-2025-25068 (same vendor: Mattermost)
CVE-2026-4858 (same vendor: Mattermost)
CVE-2026-6346 (same vendor: Mattermost)
CVE-2025-25279 (same vendor: Mattermost)
CVE-2026-24458 (same vendor: Mattermost)

Affected Assets

Vendor: mattermost
Product: mattermost desktop
Versions: 5.13.2 to 5.13.3, 6.0.0 to 6.0.3

Mitigating Controls (NIST 800-53 r5, AI-mapped)

Prevent (SI-10, Information Input Validation)
Directly requires validation of help links as information inputs received from the Mattermost server, to prevent processing of malicious content that leads to arbitrary executable execution.

Prevent (CM-10, Software Usage Restrictions)
Enforces restrictions on software execution to block arbitrary, unauthorized executables launched via malicious help links in the desktop app.

Prevent / detect
Deploys malicious code protection mechanisms, such as application allowlisting or antivirus, to identify and block execution of arbitrary executables triggered by unvalidated help links.
