PT-2026-25809 · Mattermost · Mattermost

Published 2026-02-13 · Updated 2026-03-17 · CVE-2026-2454

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.11.0 through 10.11.10
Mattermost versions 11.2.0 through 11.2.2
Mattermost versions 11.3.0

Description

The software does not correctly handle array lengths reported within messages sent via WebSockets to the calls plugin. This allows a malicious user to send corrupted msgpack frames, leading to out-of-memory (OOM) errors and potentially crashing the server.

Recommendations

Update Mattermost versions prior to 10.11.11.
Update Mattermost versions prior to 11.2.3.
Update Mattermost versions prior to 11.3.1.
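
The description turns on a decoder trusting the array length a msgpack frame declares. As an added example (not Mattermost's or the calls plugin's code), the Go function below checks a msgpack array header against the bytes actually received before anything is allocated; `checkedArrayLen`, `maxArrayLen` and the sample frames are constructed for this illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// maxArrayLen is an assumed application limit, not a Mattermost setting.
const maxArrayLen = 1024

var errBadArray = errors.New("msgpack: invalid array header")

// checkedArrayLen parses a msgpack array header at the start of buf and
// returns the declared element count and header size, but only if the count
// is plausible: every element occupies at least one byte, so a count larger
// than the bytes that follow cannot be honest.
func checkedArrayLen(buf []byte) (n int, hdr int, err error) {
	if len(buf) == 0 {
		return 0, 0, errBadArray
	}
	var declared uint64
	switch b := buf[0]; {
	case b >= 0x90 && b <= 0x9f: // fixarray: length in the low 4 bits
		declared, hdr = uint64(b&0x0f), 1
	case b == 0xdc && len(buf) >= 3: // array 16: 2-byte big-endian length
		declared, hdr = uint64(binary.BigEndian.Uint16(buf[1:3])), 3
	case b == 0xdd && len(buf) >= 5: // array 32: 4-byte big-endian length
		declared, hdr = uint64(binary.BigEndian.Uint32(buf[1:5])), 5
	default: // not an array, or header truncated
		return 0, 0, errBadArray
	}
	if declared > uint64(len(buf)-hdr) || declared > maxArrayLen {
		return 0, 0, fmt.Errorf("%w: declared %d elements, %d bytes remain", errBadArray, declared, len(buf)-hdr)
	}
	return int(declared), hdr, nil
}

func main() {
	// Constructed frames: an honest 3-element array, and an array 32 header
	// whose declared length far exceeds the single byte that follows it.
	good := []byte{0x93, 0x01, 0x02, 0x03}
	bad := []byte{0xdd, 0xff, 0xff, 0xff, 0xff, 0x01}
	for _, f := range [][]byte{good, bad} {
		n, _, err := checkedArrayLen(f)
		fmt.Println(n, err)
	}
}
```

Only after this check passes should a decoder size a slice from the returned count.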

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2026-06559
CVE-2026-2454

Affected Products

Mattermost