CVE-2026-3116

Summary

Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 11.0.4affected
MattermostMattermost0 <= 11.1.3affected
MattermostMattermost0 <= 11.3.2affected
MattermostMattermost0 <= 10.11.11affected
MattermostMattermost11.5.0unaffected
MattermostMattermost11.4.1unaffected
MattermostMattermost11.3.2unaffected
MattermostMattermost11.2.4unaffected
MattermostMattermost10.11.12unaffected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References