Skip to main content

Mattermost EUVD-2026-30737

| CVE-2026-2325 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-05-18 Mattermost GHSA-m3p3-8frq-q7qh
Denial Of Service Mattermost
4.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 18, 2026 - 08:16 vuln.today

DescriptionNVD

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to {{/api/v1/meetings}}.. Mattermost Advisory ID: MMSA-2026-00608

AnalysisAI

Resource exhaustion in Mattermost Server 10.11.x through 11.5.1 allows authenticated users to trigger denial of service by sending oversized HTTP POST requests to the /api/v1/meetings endpoint. The vulnerability affects three active release branches with no request size validation on the meeting start API. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-30737 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy