What is the CVSS score of CVE-2026-3114?

CVE-2026-3114 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Mattermost are affected by CVE-2026-3114?

CVE-2026-3114 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Mattermost CVE-2026-3114

Q: How to fix or mitigate CVE-2026-3114?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

EUVD-2026-16242 MEDIUM

Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)

2026-03-26 Mattermost

GHSA-vhgh-g7x8-4rx8

Denial Of Service File Upload

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Apr 01, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Mar 26, 2026 - 16:45 euvd

EUVD-2026-16242

Analysis Generated

Mar 26, 2026 - 16:45 vuln.today

CVE Published

Mar 26, 2026 - 16:21 nvd

MEDIUM 6.5

DescriptionNVD

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed archive entry sizes during file extraction which allows authenticated users with file upload permissions to cause a denial of service via crafted zip archives containing highly compressed entries (zip bombs) that exhaust server memory.. Mattermost Advisory ID: MMSA-2026-00598

AnalysisAI

Mattermost server versions 10.11.x through 11.4.x fail to validate decompressed archive entry sizes during ZIP file extraction, allowing authenticated users with file upload permissions to trigger denial of service by uploading crafted zip bombs that exhaust server memory. The vulnerability affects Mattermost 10.11.0-10.11.11, 11.2.0-11.2.3, 11.3.0-11.3.1, and 11.4.0, with CVSS 6.5 (medium) reflecting the requirement for prior authentication and limited scope (availability impact only). …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

Debian

Bug #823556

mattermost-server

Release	Status	Fixed Version	Urgency
	open	-	-

CVE-2026-3114 vulnerability details – vuln.today

Back

Mattermost CVE-2026-3114

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Vendor StatusVendor

Debian

Share

External POC / Exploit Code