PT-2026-28425 · Mattermost · Mattermost Plugins
Thecybertantrik · Published 2026-03-26 · Updated 2026-03-26 · CVE-2026-3116
CVSS v3.1: 4.9 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Mattermost Plugins versions 10.11.11.0 through 11.4
Description
The software does not properly check the size of incoming requests, potentially allowing an authenticated attacker to disrupt service through the webhook endpoint. The issue affects the processing of requests sent to the /webhooks API endpoint. The request size is not validated, which can lead to a denial-of-service condition.
Recommendations
Update to a version of Mattermost Plugins greater than 11.4.
Fix
Resource Exhaustion
Affected Products
Mattermost Plugins