PT-2026-31604 · Mattermost · Mattermost Plugins

Lorenzo Gallegos · Published 2026-04-09 · Updated 2026-04-10 · CVE-2026-24661

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mattermost Plugins versions less than or equal to 2.1.3.0

Description

Mattermost Plugins versions less than or equal to 2.1.3.0 do not limit the request body size on the /changes webhook endpoint. This allows an authenticated attacker to cause memory exhaustion and denial of service by sending an oversized JSON payload.

Recommendations

Update Mattermost Plugins to a version greater than 2.1.3.0.

Fix

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

CVE-2026-24661
GHSA-5RFV-H47G-XJ42

Affected Products

Mattermost Plugins