PT-2026-25699 · Mattermost · Github.Com/Mattermost/Mattermost-Server+1
Winfunc · Published 2026-02-13 · Updated 2026-03-27
CVE-2026-24458
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Mattermost versions 11.3.0 and earlier
Mattermost versions 11.2.2 and earlier
Mattermost versions 10.11.10 and earlier
Description
The software does not correctly manage very long passwords. This allows an attacker to exhaust server resources, specifically CPU and memory, by repeatedly attempting to log in with excessively large passwords. The issue is present in the github.com/mattermost/mattermost-server module prior to version v5.3.2-0.20260129164748-7201f42d955f.
Recommendations
Update Mattermost to a version later than 11.3.0.
Update Mattermost to a version later than 11.2.2.
Update Mattermost to a version later than 10.11.10.
Update the github.com/mattermost/mattermost-server module to version v5.3.2-0.20260129164748-7201f42d955f or later.
Fix
DoS
Allocation of Resources Without Limits
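The weakness class described above is mitigated by bounding login input before any password hashing runs. The following Go sketch is an added example, not Mattermost's code or its actual patch. The handler, the `verify` stand-in, the `/login` path and both limits are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Limits are assumptions for this example, not Mattermost's values.
const maxBodyBytes = 8 << 10 // whole login request body
const maxPasswordBytes = 128 // password bytes allowed to reach the hasher
var verifyCalls int          // how often the expensive step ran

// verify is a hypothetical stand-in for the costly password-hash comparison.
func verify(password string) bool { verifyCalls++; return password == "correct horse" }

// loginHandler bounds the input before any hashing work is done.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	var req struct{ Password string `json:"password"` }
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		status := http.StatusBadRequest
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			status = http.StatusRequestEntityTooLarge
		}
		http.Error(w, http.StatusText(status), status)
		return
	}
	// Length is checked first, so an over-long password never reaches verify.
	if len(req.Password) > maxPasswordBytes || !verify(req.Password) {
		http.Error(w, "invalid credentials", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// tryLogin sends one constructed login request and returns the HTTP status.
func tryLogin(password string) int {
	body := fmt.Sprintf(`{"password":%q}`, password) // %q is JSON-safe for these ASCII samples
	rec := httptest.NewRecorder()
	loginHandler(rec, httptest.NewRequest(http.MethodPost, "/login", strings.NewReader(body)))
	return rec.Code
}

func main() { fmt.Println(tryLogin("correct horse"), tryLogin(strings.Repeat("A", 1<<20)), verifyCalls) }
```

The body cap stops memory growth while the request is still being read, and the length check stops CPU cost at the hasher; rate limiting of repeated attempts is a separate control.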
Affected Products
Mattermost
Github.Com/Mattermost/Mattermost-Server