Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0260

NIXPKGS-2026-0260
published on 17 Feb 2026
Permalink CVE-2026-0999
updated 4 days, 3 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 4 days, 13 hours ago
  • @LeSuisse removed
    4 packages
    • mattermost-desktop
    • python312Packages.mattermostdriver
    • python313Packages.mattermostdriver
    • python314Packages.mattermostdriver
    4 days, 4 hours ago
  • @LeSuisse removed
    5 maintainers
    • @ryantm
    • @mgdelacroix
    • @numinit
    • @Kranzes
    • @fsagbuya
    4 days, 3 hours ago
  • @LeSuisse accepted 4 days, 3 hours ago
  • @LeSuisse published on GitHub 4 days, 3 hours ago
Authentication bypass via userID login when email and username login are disabled

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548

Affected products

Mattermost
  • =<10.11.9
  • ==11.3.0
  • ==11.1.3
  • =<11.1.2
  • ==11.2.2
  • =<11.2.1
  • ==10.11.10

Matching in nixpkgs

Package maintainers

Ignored maintainers (5) 
Fixed in:
* Unstable: https://github.com/NixOS/nixpkgs/pull/480349 / https://github.com/NixOS/nixpkgs/pull/478724
* 25.11: https://github.com/NixOS/nixpkgs/pull/480574 / https://github.com/NixOS/nixpkgs/pull/479561