CVE-2026-6517
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded. This allows any user on a server without the image proxy enabled to intercept other users' credentials via embedding an image that routes to an external web server.
Risk Assessment
The risk associated with this vulnerability is the potential interception of user credentials, which could lead to unauthorized access to the organization's systems and data.
Recommendation
It is recommended to update the Mattermost Desktop App to the latest version that implements appropriate restrictions on NTLM credential forwarding and to enable image proxy on the server.
Original NVD description (English source)
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that routes to an external web server. Mattermost Advisory ID: MMSA-2026-00651

