6.5
CVE-2026-4915
- EPSS 0.28%
- Veröffentlicht 25.05.2026 07:10:23
- Zuletzt bearbeitet 01.06.2026 17:57:36
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
Server panic via outgoing webhook responses
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service (server process termination) via a crafted webhook callback response containing a null attachment entry.. Mattermost Advisory ID: MMSA-2026-00641
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Server Version >= 10.11.0 < 10.11.15
Mattermost ≫ Mattermost Server Version >= 11.4.0 < 11.4.5
Mattermost ≫ Mattermost Server Version >= 11.5.0 < 11.5.4
Mattermost ≫ Mattermost Server Version >= 11.6.0 < 11.6.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.192 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsibledisclosure@mattermost.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-754 Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
https://mattermost.com/security-updates