Description
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued.
INFO
Published Date :
2026-04-03T13:25:53.399Z
Last Modified :
2026-04-03T14:54:37.869Z
Source :
Mattermost
AFFECTED PRODUCTS
The following products are affected by CVE-2026-28736 vulnerability.
| Vendors | Products |
|---|---|
| Mattermost |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28736.
| URL | Resource |
|---|---|
| https://github.com/mattermost-community/focalboard |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact