PT-2026-25699 · Mattermost · Github.Com/Mattermost/Mattermost-Server+1
Winfunc · Published 2026-02-13 · Updated 2026-03-27 · CVE-2026-24458
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 11.3.0 and earlier
Mattermost versions 11.2.2 and earlier
Mattermost versions 10.11.10 and earlier
Description
The software does not correctly manage very long passwords. This allows an attacker to exhaust server resources, specifically CPU and memory, by repeatedly attempting to log in with excessively large passwords. The issue is present in the github.com/mattermost/mattermost-server module prior to version v5.3.2-0.20260129164748-7201f42d955f.
Recommendations
Update Mattermost to a version later than 11.3.0.
Update Mattermost to a version later than 11.2.2.
Update Mattermost to a version later than 10.11.10.
Update the github.com/mattermost/mattermost-server module to version v5.3.2-0.20260129164748-7201f42d955f or later.
Fix
DoS
Allocation of Resources Without Limits
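One way to enforce the kind of limit this weakness class calls for, as an added example that is not Mattermost's code or its fix: bound the login body and the password length before any hashing or comparison work happens. The limits, the `parseLogin` helper and the JSON field names are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Assumed limits for this sketch; they are not Mattermost's values.
const (
	maxLoginBodyBytes = 4 << 10 // cap on the whole JSON login body
	maxPasswordBytes  = 72      // cap on the password field, in bytes
)

var ErrTooLarge = errors.New("login request exceeds size limits")

type loginRequest struct {
	LoginID  string `json:"login_id"`
	Password string `json:"password"`
}

// parseLogin reads at most maxLoginBodyBytes+1 bytes, so an oversized body is
// rejected without being buffered in full, then bounds the password itself.
func parseLogin(body io.Reader) (loginRequest, error) {
	var req loginRequest
	raw, err := io.ReadAll(io.LimitReader(body, maxLoginBodyBytes+1))
	if err != nil {
		return req, err
	}
	if len(raw) > maxLoginBodyBytes {
		return req, ErrTooLarge
	}
	if err := json.Unmarshal(raw, &req); err != nil {
		return loginRequest{}, err
	}
	if len(req.Password) > maxPasswordBytes {
		return loginRequest{}, ErrTooLarge
	}
	return req, nil
}

func main() {
	// Constructed input: a login whose password is 1 MiB long.
	huge := `{"login_id":"alice","password":"` + strings.Repeat("A", 1<<20) + `"}`
	_, err := parseLogin(strings.NewReader(huge))
	fmt.Printf("%d-byte body -> err=%v\n", len(huge), err)
}
```

Rejecting on size before the credential check keeps the per-request cost constant regardless of what the client sends; rate limiting failed logins addresses the "repeatedly" part separately.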
Weakness Enumeration
Related identifiers
Affected products
Mattermost
Github.Com/Mattermost/Mattermost-Server