6.5
CVE-2026-6340
- EPSS 0.24%
- Veröffentlicht 18.05.2026 07:08:56
- Zuletzt bearbeitet 19.05.2026 17:21:26
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
Memory Exhaustion via Malicious 7zip File Upload
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder declarations.. Mattermost Advisory ID: MMSA-2026-00573
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Server Version >= 10.11.0 < 10.11.14
Mattermost ≫ Mattermost Server Version >= 11.4.0 < 11.4.4
Mattermost ≫ Mattermost Server Version >= 11.5.0 < 11.5.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.148 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| responsibledisclosure@mattermost.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
https://mattermost.com/security-updates