PT-2026-27810 · Mattermost · Mattermost

Mk7120 · Published 2026-03-25 · Updated 2026-03-25 · CVE-2026-20719

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mattermost versions 11.4.0 and earlier
Mattermost versions 11.3.1 and earlier
Mattermost versions 11.2.3 and earlier
Mattermost versions 10.11.11 and earlier

Description

The software does not properly prevent the rendering of external Scalable Vector Graphics (SVGs) within link embeds. This allows unauthenticated users to cause the Mattermost web application and desktop application to crash by creating an issue or pull request on GitHub.

Recommendations

Update Mattermost to a version later than 11.4.0.
Update Mattermost to a version later than 11.3.1.
Update Mattermost to a version later than 11.2.3.
Update Mattermost to a version later than 10.11.11.

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2026-20719
GHSA-86VC-MG26-FJ6X

Affected Products

Mattermost