Skip to main content

Mattermost EUVDEUVD-2026-39775

| CVE-2026-3472 LOW
Protection Mechanism Failure (CWE-693)
2026-06-26 responsibledisclosure@mattermost.com GHSA-8rm3-f79m-54wg
3.5
CVSS 3.1 · Vendor: mattermost

Severity by source

Vendor (mattermost) PRIMARY
3.5 LOW
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
vuln.today AI
3.5 LOW

Attacker must be authenticated (PR:L) and victim must render the post (UI:R); impact is limited to partial data exfiltration with no integrity or availability effect.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mattermost).

CVSS VectorVendor: mattermost

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 26, 2026 - 16:05 vuln.today

DescriptionCVE.org

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client.. Mattermost Advisory ID: MMSA-2026-00619

AnalysisAI

Markdown image rendering restrictions in Mattermost are bypassed specifically for AI bot tool result posts, enabling authenticated attackers to exfiltrate data to attacker-controlled infrastructure. Affected are Mattermost versions 10.11.x through 10.11.18, 11.5.x through 11.5.6, and 11.6.x through 11.6.3. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Mattermost
Delivery
Access channel with AI bot integration
Exploit
Craft input triggering markdown image injection in tool result
Execution
Victim client renders bot tool result post
Persist
Client fetches attacker-controlled image URL
Impact
Exfiltrate session metadata from HTTP request

Vulnerability AssessmentAI

Exploitation Authentication is required - the CVSS vector PR:L confirms the attacker must hold a valid Mattermost account with access to a channel where an AI bot integration is active. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 3.5 (Low) accurately reflects the constrained exploitation conditions: the attacker must be authenticated (PR:L), and exploitation requires a victim to render the malicious post in their client (UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Mattermost user with access to a channel using an AI bot crafts input that causes the bot's tool result response to include markdown image syntax such as an external URL pointing to an attacker-controlled server. When a target colleague's Mattermost client renders that AI bot tool result post, the client automatically fetches the image URL, sending an HTTP request to the attacker's server that may include session cookies, authentication tokens, or other request metadata embedded by the browser or desktop client. …
Remediation Upgrade Mattermost to a version beyond the affected ranges (above 10.11.18, 11.5.6, or 11.6.3 respectively). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-48801 HIGH POC
8.7 Jun 26

Denial of service in linkify-it (npm) through v5.0.0 lets remote unauthenticated attackers wedge a rendering worker by s

CVE-2022-4044 MEDIUM POC
6.5 Nov 23

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large auto

CVE-2022-3257 MEDIUM POC
6.5 Sep 23

Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded w

CVE-2023-6458 CRITICAL
9.8 Dec 06

Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perf

CVE-2020-26276 CRITICAL
9.8 Dec 17

Fleet is an open source osquery manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,

CVE-2024-39777 CRITICAL
9.6 Aug 01

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invit

CVE-2020-26290 CRITICAL
9.6 Dec 28

Dex is a federated OpenID Connect provider written in Go. Rated critical severity (CVSS 9.6), this vulnerability is remo

CVE-2026-9354 MEDIUM POC
5.5 May 24

Improper output escaping in NousResearch Hermes Agent versions up to 2026.4.16 allows remote unauthenticated attackers t

CVE-2022-1002 MEDIUM POC
5.4 Mar 18

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, wh

CVE-2023-2193 CRITICAL
9.1 Apr 20

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker posse

CVE-2026-7387 HIGH
8.8 Jun 12

Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding gr

CVE-2026-3524 HIGH
8.8 Apr 06

Authorization bypass in Mattermost Plugin Legal Hold versions <=1.1.4 allows authenticated attackers to manipulate legal

Share

EUVD-2026-39775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy