Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://mattermost.com/security-updates |
|
Mon, 13 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mattermost
Mattermost mattermost |
|
| Vendors & Products |
Mattermost
Mattermost mattermost |
Mon, 13 Jul 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658 | |
| Title | Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost | |
| Weaknesses | CWE-1333 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2026-07-13T13:56:16.767Z
Reserved: 2026-04-22T10:05:15.625Z
Link: CVE-2026-6850
Updated: 2026-07-13T13:56:13.167Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T17:30:04Z