Game0V3R

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID: MMSA-2026-00652

**Name of the Vulnerable Software and Affected Versions** Mattermost Desktop App versions prior to 6.1 **Description** The application fails to prevent invalid URLs from loading in pop-up windows. This allows a malicious server owner to repeatedly crash the application by calling the `window.open('javascript:alert()')` function. **Recommendations** Update to a version later than 6.1.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 11.4.x through 11.4.3 Mattermost versions 11.5.x through 11.5.1 **Description** An issue exists where the burn-on-read reveal endpoint fails to validate the 'X-Requested-With' header. This allows an authenticated channel member to force the reveal of a burn-on-read message without the recipient's consent by using a crafted Markdown image tag. **Recommendations** Update Mattermost versions 11.4.x through 11.4.3 to a version later than 11.4.3. Update Mattermost versions 11.5.x through 11.5.1 to a version later than 11.5.1.