CVE-2026-3108

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.10 Mattermost versions 11.2.x through 11.2.2 Mattermost versions 11.3.x through 11.3.1 Mattermost versions 11.4.x through 11.4.0

Description The software does not properly sanitize user-controlled post content in the terminal output of mmctl commands. This allows attackers to manipulate administrator terminals through crafted messages containing ANSI and OSC escape sequences. These sequences can enable screen manipulation, display fake prompts, and hijack the clipboard. The Mattermost Advisory ID for this issue is MMSA-2026-00599.

Recommendations Update Mattermost to a version beyond 10.11.10. Update Mattermost to a version beyond 11.2.2. Update Mattermost to a version beyond 11.3.1. Update Mattermost to a version beyond 11.4.0.