PT-2026-27810 · Mattermost · Mattermost

Mk7120 · Published 2026-03-25 · Updated 2026-03-25 · CVE-2026-20719

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mattermost versions 11.4.0 and earlier
Mattermost versions 11.3.1 and earlier
Mattermost versions 11.2.3 and earlier
Mattermost versions 10.11.11 and earlier

Description

The software does not properly prevent the rendering of external Scalable Vector Graphics (SVGs) within link embeds. This allows unauthenticated users to cause the Mattermost web application and desktop application to crash by creating an issue or pull request on GitHub.

Recommendations

Update Mattermost to a version later than 11.4.0.
Update Mattermost to a version later than 11.3.1.
Update Mattermost to a version later than 11.2.3.
Update Mattermost to a version later than 10.11.11.

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2026-20719
GHSA-86VC-MG26-FJ6X

Affected Products

Mattermost