PT-2026-42748 · Mattermost · Mattermost+1

Mariusz Maik

·

Published

2026-05-22

·

Updated

2026-07-07

·

CVE-2026-4646

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14
Description Insufficient input validation in the GitHub plugin API request handlers allows an authenticated attacker to cause a denial of service by crashing the plugin process. This is achieved by sending a crafted HTTP request to the 'PR details' endpoint.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07546
CVE-2026-4646
GHSA-RMVV-8V8W-RF7X
GO-2026-5833

Affected Products

Github Plugin
Mattermost