PT-2026-41349 · Mattermost · Mattermost+1
Mk7120
·
Published
2026-05-15
·
Updated
2026-05-15
·
CVE-2026-4054
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 11.5.0 through 11.5.1
Mattermost versions 10.11.0 through 10.11.13
Mattermost versions 11.4.0 through 11.4.3
Description
Failure to validate the response body of proxied images allows a remote attacker to cause a client-side Denial of Service (DoS). This occurs when an SVG file is served from an attacker-controlled origin using a non-SVG Content-Type header, such as 'image/png', and is embedded within an
og:image meta tag or a Markdown image link.Recommendations
Update versions 11.5.0 through 11.5.1 to a newer version.
Update versions 10.11.0 through 10.11.13 to a newer version.
Update versions 11.4.0 through 11.4.3 to a newer version.
Fix
DoS
Improper Check for Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost
Mattermost Server