CVE-2026-2299

4.2

MEDIUMCVSS v3

Published

June 25, 2026

Affected

1 project

Assigned by

[email protected]

Severity scale

010

Description

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.

mattermost/mattermost-plugin-google-drive

GitHubGoogle Drive plugin for Mattermost

NVD

More on this CVE

NVD↗GitHub Advisory↗