{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3108", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-02-24T10:50:40.507Z", "datePublished": "2026-03-26T16:16:49.790Z", "dateUpdated": "2026-03-27T03:55:41.498Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.2.2", "status": "affected", "version": "11.2.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.10", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"lessThanOrEqual": "11.4.0", "status": "affected", "version": "11.4.0", "versionType": "semver"}, {"lessThanOrEqual": "11.3.1", "status": "affected", "version": "11.3.0", "versionType": "semver"}, {"version": "11.5.0", "status": "unaffected"}, {"version": "11.2.3", "status": "unaffected"}, {"version": "10.11.11", "status": "unaffected"}, {"version": "11.4.1", "status": "unaffected"}, {"version": "11.3.2", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "winfunc"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "baseSeverity": "HIGH", "baseScore": 8}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "cweId": "CWE-150"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00599", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2026-00599", "defect": ["https://mattermost.atlassian.net/browse/MM-67364"], "discovery": "EXTERNAL"}, "title": "Terminal Escape Injection in mmctl Report Posts Command", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:16:49.790Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-3108"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:55:41.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3108", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T17:38:05.295135Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:47:48.522Z"}}], "cna": {"title": "Terminal Escape Injection in mmctl Report Posts Command", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-67364"], "advisory": "MMSA-2026-00599", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "winfunc"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "11.2.0", "versionType": "semver", "lessThanOrEqual": "11.2.2"}, {"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.10"}, {"status": "affected", "version": "11.4.0", "versionType": "semver", "lessThanOrEqual": "11.4.0"}, {"status": "affected", "version": "11.3.0", "versionType": "semver", "lessThanOrEqual": "11.3.1"}, {"status": "unaffected", "version": "11.5.0"}, {"status": "unaffected", "version": "11.2.3"}, {"status": "unaffected", "version": "10.11.11"}, {"status": "unaffected", "version": "11.4.1"}, {"status": "unaffected", "version": "11.3.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00599", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:16:49.790Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3108", "state": "PUBLISHED", "dateUpdated": "2026-03-27T03:55:41.498Z", "dateReserved": "2026-02-24T10:50:40.507Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-03-26T16:16:49.790Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E5F368-358C-429B-8F04-3C8DF4A71A91", "versionEndExcluding": "10.11.11", "versionStartIncluding": "10.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F64C167-943D-4F3F-9374-BCC8DECB3881", "versionEndExcluding": "11.2.3", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "805ECFFC-82FD-4754-AF95-32167E1D41CB", "versionEndExcluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:11.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B6A1FE2-D980-4755-A838-190A53A4D62B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599"}, {"lang": "es", "value": "Las versiones de Mattermost 11.2.x &lt;= 11.2.2, 10.11.x &lt;= 10.11.10, 11.4.x &lt;= 11.4.0, 11.3.x &lt;= 11.3.1 no logran sanear el contenido de publicaciones controlado por el usuario en la salida de terminal de los comandos mmctl, lo que permite a los atacantes manipular las terminales de los administradores a trav\u00e9s de mensajes elaborados que contienen secuencias de escape ANSI y OSC que habilitan la manipulaci\u00f3n de pantalla, avisos falsos y el secuestro del portapapeles. ID de aviso de Mattermost: MMSA-2026-00599"}], "id": "CVE-2026-3108", "lastModified": "2026-03-30T19:45:27.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T17:16:41.797", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-150"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.11.0,10.11.10]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "11.4.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.3.0,11.3.1]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.5.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.2.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.11"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.3.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-03-26T18:25:44.328752+00:00", "value": {"mitigation_remediation": ["Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher."], "summary": {"action": "Patch Immediately", "impact": "Terminal Manipulation and Clipboard Hijacking"}, "threat_synthesis": {"affected_systems": "The affected product is Mattermost, an open\u2011source collaboration platform. Vulnerable releases include 10.11.0 through 10.11.10, 11.2.0 through 11.2.2, 11.3.0 through 11.3.1, and 11.4.0. All listed versions fail to escape malicious control sequences in mmctl terminal output and are at risk when administrators generate or view that output.", "description_and_impact": "Mattermost versions 10.11.x (up to 10.11.10), 11.2.x (up to 11.2.2), 11.3.x (up to 11.3.1), and 11.4.x (up to 11.4.0) do not sanitize user\u2011controlled post content when it is rendered in the output of the mmctl commands. The flaw allows attackers to embed ANSI and OSC escape sequences into a message; when an administrator reviews that message through mmctl, the terminal interprets the sequences as commands, causing screen manipulation, counterfeit prompts, or clipboard hijacking. This can mislead the administrator into performing unintended actions or expose sensitive data directly to the attacker. The weakness falls under CWE\u2011150: Relying on the input for process control.", "risk_and_exploitability": "The CVSS base score of 8 indicates high severity. No EPSS score is publicly available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation does not require special privileges; an attacker only needs to post a crafted message in a channel accessible to an administrator. Once the administrator runs an mmctl command that outputs the post, the terminal will process the escape sequences. The ease of the attack path and the potential for deception, clipboard theft, and accidental command execution make the risk moderate to high, warranting immediate action."}}}}, "created": "2026-03-27T08:34:00.498461+00:00", "updated": "2026-03-27T09:26:27.070600+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}