Mattermost

by Mattermost, Inc.v6.0.4

Last updated Jun 8, 2026

Access your Mattermost instance with your credentials using the desktop app

Install with winget

$ winget install --id Mattermost.MattermostDesktop --exact --version 6.0.4

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Mattermost

Mattermost uses EXE (NSIS). The silent install switches are /S.

One-line silent install (x64, user scope)

mattermost-desktop-setup-6.0.4-win.exe /S

See the full silent install reference for Mattermost →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v6.0.4

Architecture	Type	Scope	Download
x64	EXE NSIS	user	Direct
x64	MSI WiX	machine	Direct
arm64	EXE NSIS	user	Direct
arm64	MSI WiX	machine	Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

low3.7Patched in wingetCVE-2026-24661affects before 2.3.2.0Apr 9, 2026
Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611
Vendor advisory
low3.5Patched in wingetCVE-2024-10214affects >=9.11.0 and <=9.11.1Oct 28, 2024
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.
Vendor advisory
medium4.7Patched in wingetCVE-2024-8071affects before 9.5.8, 9.8.3, 9.9.2, 9.10.1Aug 21, 2024
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. member) to...
Vendor advisory
medium4.3Patched in wingetCVE-2024-43813affects before 9.5.8, 9.10.1Aug 21, 2024
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.
Vendor advisory
medium5.3Patched in wingetCVE-2024-42411affects before 9.5.8, 9.8.3, 9.9.2, 9.10.1Aug 21, 2024
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older.
Vendor advisory
medium4.6Patched in wingetCVE-2024-40886affects before 9.5.8, 9.8.3, 9.9.2, 9.10.1Aug 21, 2024
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system c...
Vendor advisory
medium4.8Patched in wingetCVE-2024-39836affects before 9.5.8, 9.8.3, 9.9.2, 9.10.1Aug 21, 2024
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notific...
Vendor advisory
medium4.9Patched in wingetCVE-2024-39810affects before 9.5.8, 9.10.1Aug 21, 2024
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, aft...
Vendor advisory

Showing 8 of 25. Source: NVD, updated 5h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Microsoft TeamsMicrosoft Corporation
Microsoft.Teamsv26134.1702.4747.7366
Collaborate more effectively with a faster, simpler, smarter, and more flexible Teams.
WebexCisco Systems, Inc
Cisco.Webexv46.5.0.35006
With industry leading video conferencing, calling, and contact center solutions, Webex fuels hybrid work for businesses of all sizes.
DingTalkAlibaba (China) Network Technology Co.,Ltd.
Alibaba.DingTalkv8.3.10-Release.260413002
DingTalk, make work and study easy
LibreOfficeThe Document Foundation
TheDocumentFoundation.LibreOfficev26.2.4.2
LibreOffice is a free and powerful office suite, and a successor to OpenOffice.org (commonly known as OpenOffice). Its clean interface and feature-rich tools help you unleash your creativity and enhance your productivity.
Zoom WorkplaceZoom
Zoom.Zoomv7.0.38856
Team Chat, Phone, Video & More
Microsoft Teams classicMicrosoft Corporation
Microsoft.Teams.Classicv1.8.00.27654
Chat, Meetings, Calling, Collaboration

More from Mattermost, Inc. or browse business, collaborate, collaboration.

Frequently asked questions

How do I install Mattermost on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Mattermost.MattermostDesktop --exact --version 6.0.4. winget downloads the installer from Mattermost, Inc. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Mattermost silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Mattermost.MattermostDesktop --exact 6.0.4 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Mattermost?

Mattermost uses EXE (NSIS). Run the downloaded installer with: mattermost-desktop-setup-6.0.4-win.exe /S. The silent switches are /S.

How do I uninstall Mattermost via winget?

Run: winget uninstall --id Mattermost.MattermostDesktop --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Mattermost's Apps & Features entry.

Is Mattermost free?

Mattermost is distributed under Apache-2.0. Refer to the publisher (https://mattermost.com/apps/) for the full license terms - Wingetly itself does not charge for installation.

Does Mattermost work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Mattermost directly from the publisher.

How do I keep Mattermost up to date?

Run winget upgrade --id Mattermost.MattermostDesktop --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Mattermost from microsoft/winget-pkgs.

Recent versions

6.0.4latest
6.0.3
6.0.2
6.0.1
6.0.0
5.13.2
5.13.1
5.13.0
5.12.1
5.12.0