6.5
CVE-2026-4635
- EPSS 0.17%
- Veröffentlicht 22.05.2026 10:28:47
- Zuletzt bearbeitet 22.05.2026 10:28:47
- Quelle 9302f53e-dde5-4bf3-b2f2-a83f91
- CVE-Watchlists
- Unerledigt
Persistent notification timing attack causing server denial of service
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting existing persistent notifications and archiving the channel.. Mattermost Advisory ID: MMSA-2026-00637
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMattermost
≫
Produkt
Mattermost
Default Statusunaffected
Version <=
11.6.0
Version
11.6.0
Status
affected
Version <=
11.5.3
Version
11.5.0
Status
affected
Version <=
11.4.4
Version
11.4.0
Status
affected
Version <=
10.11.14
Version
10.11.0
Status
affected
Version
11.7.0
Status
unaffected
Version
11.6.1
Status
unaffected
Version
11.5.4
Status
unaffected
Version
11.4.5
Status
unaffected
Version
10.11.15
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.068 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 9302f53e-dde5-4bf3-b2f2-a83f91ac0eee | 6.5 | 0 | 0 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://mattermost.com/security-updates