CVE-2026-1046
Published: 16 February 2026
Summary
CVE-2026-1046 is a high-severity vulnerability in Mattermost Desktop, classified as Improper Authorization in Handler for Custom URL Scheme (CWE-939). Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 14.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-1046 is a vulnerability in the Mattermost Desktop App affecting versions <=6.0, 6.2.0, and 5.2.13.0. The app fails to validate help links, which enables a malicious Mattermost server to execute arbitrary executables on a user's system when the user clicks on certain items in the Help menu. Published on 2026-02-16, the issue is rated 7.6 on the CVSS v3.1 scale (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L) and is associated with CWE-939.
An attacker who controls a Mattermost server can exploit this vulnerability against users connected to that server. Exploitation requires low privileges (PR:L) on the server side and user interaction (UI:R), namely a click on a Help menu item, and occurs over the network (AV:N). Successful exploitation allows execution of arbitrary executables on the victim's system, giving a high confidentiality impact (C:H) and a low availability impact (A:L), with a scope change (S:C) because the executable runs in the context of the user's operating system rather than the desktop app.
Mattermost Advisory ID MMSA-2026-00577 provides details on mitigation. Security practitioners should refer to https://mattermost.com/security-updates for patch information and remediation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6090
Vulnerability details
Mattermost Desktop App versions <=6.0, 6.2.0, 5.2.13.0 fail to validate help links, which allows a malicious Mattermost server to execute arbitrary executables on a user's system via the user clicking on certain items in the Help menu. Mattermost Advisory ID: MMSA-2026-00577
Related Threats
MITRE ATT&CK Enterprise Techniques: Exploitation for Client Execution (T1203)
Why these techniques?
Vulnerability in desktop client allows malicious server to trigger arbitrary executable execution via Help menu (user interaction), directly mapping to client-side exploitation and command execution techniques.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of help links as information inputs received from the Mattermost server, to prevent processing of malicious content that leads to arbitrary executable execution.
- CM-10 (Software Usage Restrictions): enforces restrictions on software execution to block arbitrary, unauthorized executables launched via malicious help links in the desktop app.
- Malicious code protection: deploys mechanisms such as application allowlisting or antivirus to identify and block execution of arbitrary executables triggered by unvalidated help links.