What is CVE-2026-3112?

CVE-2026-3112 is a medium-severity vulnerability in Mattermost, classified under Path Traversal. CVSS score: 6.8/10. Published 2026-03-26.

How severe is CVE-2026-3112?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Path Traversal in Mattermost

CVE-2026-3112

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLogging…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N.

Affected products

Mattermost — versions 11.4.0, 11.3.0, 11.2.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

MMSA-2025-00562 (vendor-advisory)

Frequently asked questions

What is CVE-2026-3112?: CVE-2026-3112 is a medium-severity vulnerability in Mattermost, classified under Path Traversal. CVSS score: 6.8/10. Published 2026-03-26.
How severe is CVE-2026-3112?: Medium severity. CVSS v3 base score is 6.8 out of 10.