A vulnerability has been found in Mattermost Go Module up to 0.1.21 and classified as critical . Affected is an unknown function of the file /mattermost/mattermost/server/public . The manipulation leads to path traversal. This vulnerability is listed as CVE-2026-13426 . The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.