CVE-2026-3116

MEDIUM NVD

CVSS Score 4.9

Severity MEDIUM

Published Mar 26, 2026

Vendor unknown

Description

Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

References

https://mattermost.com/security-updates