CVE-2026-8823

Severity: Low (CVSS 3.8)

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

A vulnerability in Mattermost versions 11.7.x <= 11.7.0 and 10.11.x <= 10.11.17 is due to missing validation of bot targets when demoting users to guests. This allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.

Risk Assessment

The risk involves the possibility of unauthorized degradation of bot accounts by a lower-privileged administrator, which may disrupt automated processes and system functions.

Recommendation

It is recommended to immediately upgrade Mattermost to version 11.7.1 or later (for the 11.7.x branch) and to version 10.11.18 or later (for the 10.11.x branch).

Original NVD description (English source)

Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API. Mattermost Advisory ID: MMSA-2026-00669

Vulnerability data from NVD (NIST) · CISA KEV · EPSS