PT-2026-42750 · Mattermost · Mattermost
Zephrfish
·
Published
2026-05-22
·
Updated
2026-07-07
·
CVE-2026-5740
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Mattermost version 11.6.0
Mattermost version 11.5.3
Mattermost version 11.4.4
Mattermost version 10.11.14
Description
An issue exists where msgpack-encoded WebSocket frames are not properly validated before memory allocation. This allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users by sending a crafted binary WebSocket message to the public WebSocket endpoint.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost