MatterMost


Products by MatterMost Sorted by Most Security Vulnerabilities since 2018

MatterMost: 312 vulnerabilities
Mattermost Server: 117 vulnerabilities
Mattermost Desktop: 12 vulnerabilities
Mattermost Mobile: 10 vulnerabilities
Mattermost Boards: 2 vulnerabilities
MatterMost Playbooks: 2 vulnerabilities
MatterMost Focalboard: 1 vulnerability

By the Year

In 2026 there have been 51 vulnerabilities in MatterMost with an average score of 5.0 out of ten. Last year, in 2025, MatterMost had 93 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in MatterMost in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.12.

Year  Vulnerabilities  Average Score
2026  51               5.00
2025  93               5.12
2024  95               5.21
2023  84               5.67
2022  25               6.24
2021  5                6.16
2020  1                0.00

It may take a day or so for new MatterMost vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent MatterMost Security Vulnerabilities

CVE | Date | Products

CVE-2026-24661 | Apr 09, 2026 | Mattermost
Memory Exhaustion via Oversized Payload in Mattermost Plugins <=2.1.3.0
Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611

CVE-2026-21388 | Apr 09, 2026 | Mattermost
Mattermost Plugins <=2.3.1 DOS via Unrestricted /lifecycle Webhook Body Size
Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610

CVE-2026-3524 | Apr 06, 2026 | Mattermost
Mattermost Plugin Legal Hold <=1.1.4 Auth Bypass in ServeHTTP
Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID: MMSA-2026-00621

CVE-2026-28736 | Apr 03, 2026
Focalboard 8.0 Auth File Read via File Ownership Bypass
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued.

CVE-2026-25773 | Apr 03, 2026
Focalboard 8.0 SQLi via Category ID (CVE-2026-25773)
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitized when the category reorder API processes the stored value. This Second-Order SQL Injection (Time-Based Blind) allows an authenticated attacker to exfiltrate sensitive data including password hashes of other users. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued.

CVE-2026-3112 | Mar 26, 2026 | Mattermost
Path Traversal in Advanced Logging (before 11.4.0, 11.3.1, 11.2.3, 10.11.11)
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562

CVE-2026-3109 | Mar 26, 2026 | Mattermost
Replayable timestamp bypass in Mattermost Plugins <=11.4 corrupts Zoom meetings
Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584

CVE-2026-3115 | Mar 26, 2026 | Mattermost
Guest ID Enumeration via Group Retrieval in Mattermost <11.4
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint. Mattermost Advisory ID: MMSA-2026-00594

CVE-2026-3114 | Mar 26, 2026 | Mattermost
DOS via Zip Bomb Extraction, Mattermost <=11.4.0/11.3.1/10.11.11
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed archive entry sizes during file extraction which allows authenticated users with file upload permissions to cause a denial of service via crafted zip archives containing highly compressed entries (zip bombs) that exhaust server memory. Mattermost Advisory ID: MMSA-2026-00598

CVE-2026-3116 | Mar 26, 2026 | Mattermost
Mattermost Plugins <=11.4 Request Size Validation Bypass in Webhook Endpoint
Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

CVE-2026-3113 | Mar 26, 2026 | Mattermost
Mattermost 11.4.0 Bulk Export LFR Local Users Read Exported Data
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export. Mattermost Advisory ID: MMSA-2026-00593

CVE-2026-3108 | Mar 26, 2026 | Mattermost
Mattermost <11.5 mmctl Terminal Escape Sequences Vulnerability (CVE-2026-3108)
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking. Mattermost Advisory ID: MMSA-2026-00599

CVE-2026-4274 | Mar 26, 2026 | Mattermost
Mattermost 11.4 & 11.2.2 Membership Sync Remote Cluster Bypass
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574

CVE-2026-27659 | Mar 25, 2026 | Mattermost
CSRF Bypass in Mattermost 10.x-11.x Enables Admin Policy Switch
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a crafted request. Mattermost Advisory ID: MMSA-2026-00578

CVE-2026-20719 | Mar 25, 2026 | Mattermost
Mattermost 10-11.4 External SVG Crash (Unauthenticated)
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID: MMSA-2026-00595

CVE-2026-27656 | Mar 25, 2026 | Mattermost
Mattermost 11.4.0, 11.3.1, 11.2.3, 10.11.11 OpenID IsSameUser SubstrMatch PrivEsc
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID IsSameUser() comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user discovery flow. Mattermost Advisory ID: MMSA-2026-00590

CVE-2026-26233 | Mar 25, 2026 | Mattermost
DDoS via Login RateLimit Bypass in Mattermost 10.11-11.4 (CVE-2026-26233)
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service (server crash and restart) via HTTP/2 single packet attack with 100+ parallel login requests. Mattermost Advisory ID: MMSA-2025-00566

CVE-2026-1629 | Mar 16, 2026 | Mattermost
Mattermost <=10.11.10 Cached Permalink Preview Persistence
Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin. Mattermost Advisory ID: MMSA-2026-00580

CVE-2026-26230 | Mar 16, 2026 | Mattermost
Mattermost 10.11.x <=10.11.10 Permission Validation Flaw in Roles API
Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531

CVE-2026-2454 | Mar 16, 2026 | Mattermost
Mattermost <=11.3.0, 11.2.2, 10.11.10 OOM via corrupted msgpack WS frames
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows a malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to the calls plugin. Mattermost Advisory ID: MMSA-2025-00537

CVE-2026-26304 | Mar 16, 2026 | Mattermost
Mattermost <=11.3.0/<=11.2.2 run_create Perm Bypass Unauthorized Playbook Run
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542

CVE-2026-24692 | Mar 16, 2026 | Mattermost
Mattermost <v11.3.0: Search API Read Permission Bypass (CVE-2026-24692)
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554

CVE-2026-22545 | Mar 16, 2026 | Mattermost
Auth Method Switch Flaw Enables Password Change in Mattermost <=10.11.10
Mattermost versions 10.11.x <= 10.11.10 fail to validate the user's authentication method when processing an account auth type switch which allows an authenticated attacker to change the account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID: MMSA-2026-00583

CVE-2026-2455 | Mar 16, 2026 | Mattermost
Mattermost SSRF before v11.3.0 via IPv4-mapped IPv6
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]). Mattermost Advisory ID: MMSA-2026-00585

CVE-2026-21386 | Mar 16, 2026 | Mattermost
Mattermost 11.3.0, 11.2.2, 10.11.10: /mute ErrResp Enables Private Disclosure
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588

CVE-2026-25780 | Mar 16, 2026 | Mattermost
Memory Allocation Bug in Mattermost DOC Parsing (10.11.10, 11.2.2, 11.3.0)
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file. Mattermost Advisory ID: MMSA-2026-00581

CVE-2026-4265 | Mar 16, 2026 | Mattermost
Mattermost <11.3.0/11.2.2/10.11.10: Guest upload_file bypass via metadata reuse
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing the file metadata in a POST request to a different team. Mattermost Advisory ID: MMSA-2025-00553

CVE-2026-25783 | Mar 16, 2026 | Mattermost
Mattermost <=11.3.0: Invalid User-Agent Header Causes Panic
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586

CVE-2026-24458 | Mar 16, 2026 | Mattermost
Mattermost 10-11.3.x Auth, Big Password DoS
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587

CVE-2026-2462 | Mar 16, 2026 | Mattermost
Mattermost <=11.3.0 RCE via plugin install on CI test with default admin creds
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and SMTP credentials via uploading a malicious plugin after changing the import directory. Mattermost Advisory ID: MMSA-2025-00528

CVE-2026-2578 | Mar 16, 2026 | Mattermost
Mattermost 11.3.x WebSocket Leak Exposes BurnonRead Posts
Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. Mattermost Advisory ID: MMSA-2026-00579

CVE-2026-26246 | Mar 16, 2026 | Mattermost
Memory Exhaustion in Mattermost PSD Handler (v<11.3.0)
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory ID: MMSA-2026-00572

CVE-2026-2458 | Mar 16, 2026 | Mattermost
Mattermost <=11.3.0, 11.2.2, 10.11.10: Channel Search Enum
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID: MMSA-2025-00568

CVE-2026-2457 | Mar 16, 2026 | Mattermost
Mattermost 11.3.0/11.2.2/10.11.10: Authenticated Metadata Sanitize Bypass
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint. Mattermost Advisory ID: MMSA-2025-00569

CVE-2026-2461 | Mar 16, 2026 | Mattermost
Mattermost Plugins <=11.3 Auth Checks Missing on Comment Mods
Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559

CVE-2026-2463 | Mar 16, 2026 | Mattermost
ACL Bypass via Invite ID in Mattermost 10.11.10 & lower
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation. Mattermost Advisory ID: MMSA-2025-00565

CVE-2026-2476 | Mar 16, 2026 | Mattermost
Mattermost Plugins <=2.0.3.0: Sensitive Config Not Masked on Export
Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

CVE-2026-2456 | Mar 16, 2026 | Mattermost
Mattermost <=11.3.0 Denial via Unbounded Integration Response
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that returns an arbitrarily large response when a user clicks an interactive message button. Mattermost Advisory ID: MMSA-2026-00571

CVE-2026-1628 | Mar 02, 2026 | Mattermost
Mattermost Desktop App <=5.13.3: External Navigation Leak Exposes Preload Scripts
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596

CVE-2025-14573 | Feb 16, 2026 | Mattermost
Mattermost <=10.11.9 Bypass Invite Permissions via API
Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561

CVE-2026-1046 | Feb 16, 2026 | Mattermost, Mattermost Desktop
Mattermost Desktop App <=6.0 Help Link RCE CVE-2026-1046 via Malicious Server
Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user's system via the user clicking on certain items in the Help menu. Mattermost Advisory ID: MMSA-2026-00577

CVE-2025-14350 | Feb 16, 2026 | Mattermost
Mattermost <11.2.1 Channel Mention Member Validation Flaw (CVE-2025-14350)
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the channel_mentions property in the API response. Mattermost Advisory ID: MMSA-2025-00563

CVE-2025-13821 | Feb 16, 2026 | Mattermost
Mattermost 10.11/11.1/11.2 WS Sensitive Data Leak (hash/mfa)
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID: MMSA-2025-00560

CVE-2026-0997 | Feb 16, 2026 | Mattermost
Mattermost Zoom Plugin: Auth Bypass Allows Channel Preference Change (11.2.1)
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary channels via crafted API requests. Mattermost Advisory ID: MMSA-2025-00558

CVE-2026-0998 | Feb 16, 2026 | Mattermost
Unauthorized API Use in Mattermost 10.11-11.2 and Zoom Plugin <=1.11.0
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via direct API calls with manipulated user IDs and post data. Mattermost Advisory ID: MMSA-2025-00534

CVE-2026-0999 | Feb 16, 2026 | Mattermost
Mattermost: Login Method Bypass via UID in v10.11.x-11.2.1 (SSO Bypass)
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548

CVE-2026-20796 | Feb 13, 2026 | Mattermost
Mattermost 10.11.x <= 10.11.9 Channel Membership Leak via /common_teams
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint. Mattermost Advisory ID: MMSA-2025-00549

CVE-2026-22892 | Feb 13, 2026 | Mattermost
Mattermost Jira Plugin Authenticated Read via /create-issue v11.2.1,10.11.9
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post. Mattermost Advisory ID: MMSA-2025-00550

CVE-2025-13523 | Feb 06, 2026 | Mattermost
Mattermost Confluence plugin <1.7.0 XSS via unsanitized user display name
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557

CVE-2025-14435 | Jan 16, 2026 | Mattermost
Mattermost Web Client <=10.11.8, <=11.0.6, <=11.1.1: Infinite Re-render DoS
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).