PT-2026-25809 · Mattermost · Mattermost
Published
2026-03-16
·
Updated
2026-03-16
·
CVE-2026-2454
CVSS v3.1
5.8
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L |
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID: MMSA-2025-00537
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost