6.5
CVE-2026-4339
- EPSS 0.1%
- Veröffentlicht 26.06.2026 14:44:58
- Zuletzt bearbeitet 29.06.2026 19:26:34
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Server Version >= 10.11.0 < 10.11.19
Mattermost ≫ Mattermost Server Version >= 11.5.0 < 11.5.7
Mattermost ≫ Mattermost Server Version >= 11.6.0 < 11.6.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.012 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsibledisclosure@mattermost.com | 6.5 | 2 | 4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://mattermost.com/security-updates