CVSS 4.3
CVE-2026-4054
- EPSS 0.09%
- Published 15.05.2026 18:32:44
- Last modified 15.05.2026 19:17:04
- Source responsibledisclosure@mattermost.com
SVG content served through the Mattermost image proxy despite Content-Type restrictions causes client-side denial of service

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 and 11.4.x <= 11.4.3 fail to validate the response body of proxied images. The proxy restricts what it forwards only by the Content-Type header the origin declares, so a remote attacker can cause a client-side DoS by serving an SVG file from an attacker-controlled origin under a non-SVG Content-Type header (e.g. image/png) and embedding its URL in an og:image meta tag or a Markdown image link. Mattermost Advisory ID: MMSA-2026-00630
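The weakness described above is a proxy that trusts the upstream Content-Type header and never looks at the bytes it forwards. The following Go block is an added example, not Mattermost's code or its fix, showing the missing check: sniff the body, require the sniffed type to be on a raster-image allow-list, and require it to agree with the declared header. The function name `checkProxiedImage`, the allow-list and the sample bodies are assumptions made for this illustration; the sample SVG is constructed and is not the payload from the advisory.

```go
package main

import (
	"errors"
	"fmt"
	"mime"
	"net/http"
)

// Raster formats a proxy for chat-embedded images legitimately needs to forward.
// image/svg+xml is deliberately absent: an SVG is an XML document whose rendering
// cost is attacker-controlled, which is what makes it usable for client-side DoS.
// (Hypothetical allow-list for this example, not Mattermost's configuration.)
var allowedRasterTypes = map[string]bool{
	"image/png":  true,
	"image/jpeg": true,
	"image/gif":  true,
	"image/webp": true,
	"image/bmp":  true,
}

var errNotPermittedImage = errors.New("proxied body is not a permitted raster image")

// checkProxiedImage decides whether a fetched upstream image may be forwarded to
// the client. The decision is based on the body, not on the Content-Type the
// origin claims: the first bytes are sniffed with http.DetectContentType, the
// sniffed type must be on the raster allow-list, and it must agree with the
// declared header. http.DetectContentType never returns image/svg+xml; an SVG
// sniffs as text/xml (with an XML prolog) or text/plain (without one), so it
// fails the allow-list regardless of the header it arrived under.
func checkProxiedImage(declaredContentType string, body []byte) (string, error) {
	declared, _, err := mime.ParseMediaType(declaredContentType)
	if err != nil {
		return "", fmt.Errorf("unparseable Content-Type %q: %w", declaredContentType, err)
	}
	// DetectContentType inspects at most the first 512 bytes and always returns a
	// parseable media type, falling back to application/octet-stream.
	sniffed, _, err := mime.ParseMediaType(http.DetectContentType(body))
	if err != nil {
		return "", fmt.Errorf("sniffed type unparseable: %w", err)
	}
	if !allowedRasterTypes[sniffed] {
		return sniffed, fmt.Errorf("body sniffs as %s: %w", sniffed, errNotPermittedImage)
	}
	if sniffed != declared {
		return sniffed, fmt.Errorf("header says %s but body sniffs as %s: %w", declared, sniffed, errNotPermittedImage)
	}
	return sniffed, nil
}

// Constructed sample bodies (not taken from the advisory): a minimal PNG prefix
// (8-byte signature followed by the start of an IHDR chunk) and a small SVG
// document of the kind an attacker would serve under "Content-Type: image/png".
var (
	samplePNGBody = []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00")
	sampleSVGBody = []byte(`<?xml version="1.0" encoding="UTF-8"?>` +
		`<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">` +
		`<rect width="100%" height="100%" fill="red"/></svg>`)
)

func main() {
	for _, c := range []struct {
		declared string
		body     []byte
	}{
		{"image/png", samplePNGBody}, // genuine PNG: forwarded
		{"image/png", sampleSVGBody}, // SVG under a PNG header: rejected
		{"image/gif", samplePNGBody}, // PNG under a GIF header: rejected, header and body disagree
	} {
		ct, err := checkProxiedImage(c.declared, c.body)
		if err != nil {
			fmt.Printf("declared %-9s -> reject: %v\n", c.declared, err)
			continue
		}
		fmt.Printf("declared %-9s -> forward as %s\n", c.declared, ct)
	}
}
```

In a real proxy this check sits between the upstream fetch and the client write: peek the first 512 bytes of the upstream body (for example with `bufio.Reader.Peek`), run the check, and only then stream the response. Filtering on the declared header alone is exactly the control the advisory says was bypassed.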
Data provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Vendor: Mattermost
Product: Mattermost
Default status: unaffected

| Version range | Status |
|---|---|
| 11.5.0 <= version <= 11.5.1 | affected |
| 10.11.0 <= version <= 10.11.13 | affected |
| 11.4.0 <= version <= 11.4.3 | affected |
| 11.6.0 | unaffected |
| 11.5.2 | unaffected |
| 10.11.14 | unaffected |
| 11.4.4 | unaffected |
VulnDex Vulnerability Enrichment

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.249 |

| Source | Base Score | Exploitability Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsibledisclosure@mattermost.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-754 Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.