PT-2026-28420 · Mattermost+1 · Mattermost Plugins+1

Thecybertantrik

Published

2026-03-26

Updated

2026-06-08

CVE-2026-3109

CVSS v3.1

2.2

Low

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions 10.11.11.0 and 11.4

Description Mattermost plugins do not properly validate timestamps in webhook requests. This allows an attacker to repeatedly send webhook requests, potentially corrupting the state of Zoom meetings within Mattermost. The issue involves the replay of webhook requests.

Recommendations Update Mattermost Plugins to a version newer than 11.4. Update Mattermost Plugins to a version newer than 10.11.11.0.

Fix

DoS

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2026-3109

Affected Products

Mattermost Plugins

Zoom

PT-2026-28420 · Mattermost+1 · Mattermost Plugins+1

CVE-2026-3109

Weakness Enumeration

Related Identifiers

Affected Products

References · 7