CVE Catalog

CVE-2026-3116

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Summary

Mattermost Plugins versions <=11.4, 11.0.4, 11.1.3, 11.3.2, and 10.11.11.0 fail to validate incoming request size, allowing an authenticated attacker to disrupt service via the webhook endpoint.

Risk Assessment

An attacker with appropriate permissions can exploit this vulnerability to disrupt system functionality, potentially leading to service outages.

Recommendation

It is recommended to update Mattermost plugins to the latest version to mitigate this vulnerability and implement additional request size validation mechanisms.

Original NVD description (English source)

Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

Vulnerability data from NVD (NIST) · CISA KEV · EPSS