CVE-2026-20719

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published Mar 25, 2026

Vendor unknown

Description

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID: MMSA-2026-00595

References

https://mattermost.com/security-updates