CVE Catalog

CVE-2026-3109

LowCVSS 2.2
Published: Updated: Translated: NVD NIST

Summary

Mattermost Plugins versions <=11.4 and 10.11.11.0 fail to validate webhook request timestamps, allowing an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests.

Risk Assessment

An attacker could exploit this vulnerability to manipulate meeting states, potentially disrupting communication and collaboration within the organization.

Recommendation

It is recommended to update Mattermost plugins to the latest version to ensure proper validation of webhook request timestamps.

Original NVD description (English source)

Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584

Vulnerability data from NVD (NIST) · CISA KEV · EPSS