The Mattermost Desktop App is a native client for the Mattermost open-source messaging and collaboration platform. It allows users to create and participate in chat rooms, integrate with online services, and operate in private chats separate from the main server. The app supports Windows, Mac and Linux operating systems and its functionality is similar to messaging apps like Slack.

Mattermost Desktop App

Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-1046	MEDIUM	6.5	Mattermost Desktop App	cpe:2.3:a:mattermost:mattermost_desktop	No	Yes	Feb 16, 2026
CVE-2025-55035	MEDIUM	6.1	Mattermost Desktop App	cpe:2.3:a:mattermost:mattermost_desktop	No	Yes	Oct 16, 2025
CVE-2026-1628	MEDIUM	4.6	Mattermost Desktop App	cpe:2.3:a:mattermost:mattermost_desktop	No	Yes	Mar 02, 2026
CVE-2025-13326	LOW	3.9	Mattermost Desktop App	cpe:2.3:a:mattermost:mattermost_desktop	No	Yes	Dec 17, 2025
CVE-2025-13321	LOW	3.3	JavaScript	mattermost-desktop	No	Yes	Dec 17, 2025

CVE-2026-1628:
Mattermost Desktop App vulnerability analysis and mitigation

4.6

Related Mattermost Desktop App vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-1628: Mattermost Desktop App vulnerability analysis and mitigation