CVE-2026-4339
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in the Mattermost Agents plugin MCP server allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) by supplying internal URLs as file attachments in post creation requests. Affected versions are 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, and 11.5.x <= 11.5.6.
Risk Assessment
An attacker can exploit this flaw to exfiltrate data from internal network services, potentially leading to the leakage of sensitive organizational information.
Recommendation
Immediately upgrade Mattermost to version 10.11.19, 11.6.4, or 11.5.7, depending on the branch in use, and implement validation of attachment URLs.
Original NVD description (English source)
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635

