CVE-2026-3109
LowCVSS 2.2Summary
Mattermost Plugins versions <=11.4 and 10.11.11.0 fail to validate webhook request timestamps, allowing an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests.
Risk Assessment
An attacker could exploit this vulnerability to manipulate meeting states, potentially disrupting communication and collaboration within the organization.
Recommendation
It is recommended to update Mattermost plugins to the latest version to ensure proper validation of webhook request timestamps.
Original NVD description (English source)
Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584

