CVE-2026-8683
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to properly handle attempts to open extremely long URLs, allowing a malicious server owner to crash the application by including a script to call window.open on a very large URL.
Risk Assessment
Malicious URLs can lead to application crashes, affecting service availability for users. This could be exploited for denial-of-service attacks.
Recommendation
It is recommended to update the Mattermost Desktop App to the latest version to mitigate the risk associated with this vulnerability.
Original NVD description (English source)
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID: MMSA-2026-00652

