CVE Catalog

CVE-2026-8683

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to properly handle attempts to open extremely long URLs, allowing a malicious server owner to crash the application by including a script to call window.open on a very large URL.

Risk Assessment

Malicious URLs can lead to application crashes, affecting service availability for users. This could be exploited for denial-of-service attacks.

Recommendation

It is recommended to update the Mattermost Desktop App to the latest version to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID: MMSA-2026-00652

Vulnerability data from NVD (NIST) · CISA KEV · EPSS