CVE-2026-27656
Account Takeover via Substring Matching in OpenID Connect AuthenticationMattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID {{IsSameUser()}} comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user discovery flow.. Mattermost Advisory ID: MMSA-2026-00590
We have discovered 174 live websites that are affected by CVE-2026-27656.
Affected Software
| Product |  Mattermost |
| Category | Message Boards |
| Vulnerable Domains | 174 live websites (42% of Mattermost install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 14 versions ( 21% of all versions) |
Common Weakness Enumeration
CWE-303 Incorrect Implementation of Authentication AlgorithmDetails
- Published - Mar 25, 2026
- Updated - Mar 26, 2026
Credits
- Christopher Poile (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2026-27656 United States | 35 websites |
 Germany | 46 websites |
 France | 22 websites |
 Singapore | 20 websites |
 GB | 8 websites |
 Russia | 7 websites |
 Canada | 6 websites |
 Netherlands | 4 websites |
 Switzerland | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2026-27656| .com | 47 websites |
| .de | 24 websites |
| .org | 21 websites |
| .fr | 12 websites |
| .net | 9 websites |
| .ru | 6 websites |
| .ca | 4 websites |
| .nl | 3 websites |
| .co.uk | 3 websites |
| .co | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-27656
Top websites that are affected by CVE-2026-27656. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | Germany | ***,*** | |
| ****.*******.com | GB | ***,*** | |
| **********.*********.org | France | ***,*** | |
| ************.com | United States | *,***,*** | |
| **.*****.re | Germany | *,***,*** | |
| **********.*********.org | France | *,***,*** | |
| ****.*******.com | Germany | *,***,*** | |
| **********.*****.at |  Austria | *,***,*** | |
| ***********.com | Singapore | *,***,*** | |
| ***************.no | Germany | *,***,*** |
FAQ
CVE-2026-27656 is Incorrect Implementation of Authentication Algorithm in Mattermost
A total of 174 websites have been identified as vulnerable to CVE-2026-27656, based on global website indexing conducted by WebTechSurvey.
The Mattermost is affected by the CVE-2026-27656 vulnerability.
Mattermost versions up to and including 11.4 are vulnerable to CVE-2026-27656.