CVE-2026-3116
MediumCVSS 4.9Summary
Mattermost Plugins versions <=11.4, 11.0.4, 11.1.3, 11.3.2, and 10.11.11.0 fail to validate incoming request size, allowing an authenticated attacker to disrupt service via the webhook endpoint.
Risk Assessment
An attacker with appropriate permissions can exploit this vulnerability to disrupt system functionality, potentially leading to service outages.
Recommendation
It is recommended to update Mattermost plugins to the latest version to mitigate this vulnerability and implement additional request size validation mechanisms.
Original NVD description (English source)
Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

