{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3109", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-02-24T10:53:41.124Z", "datePublished": "2026-03-26T16:28:07.362Z", "dateUpdated": "2026-03-26T19:52:11.107Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.11.11", "status": "affected", "version": "0", "versionType": "semver"}, {"version": "11.5.0", "status": "unaffected"}, {"version": "10.11.12", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "thecybertantrik"}], "descriptions": [{"lang": "en", "value": "Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW", "baseScore": 2.2}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "cweId": "CWE-754"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00584", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost Plugins to versions 11.5.0, 10.11.12 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2026-00584", "defect": ["https://mattermost.atlassian.net/browse/MM-67233"], "discovery": "EXTERNAL"}, "title": "Missing timestamp validation in Zoom webhook handler", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:28:07.362Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:44:18.070716Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:52:11.107Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:44:18.070716Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:50:43.961Z"}}], "cna": {"title": "Missing timestamp validation in Zoom webhook handler", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-67233"], "advisory": "MMSA-2026-00584", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "thecybertantrik"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "10.11.11"}, {"status": "unaffected", "version": "11.5.0"}, {"status": "unaffected", "version": "10.11.12"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost Plugins to versions 11.5.0, 10.11.12 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00584", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:28:07.362Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3109", "state": "PUBLISHED", "dateUpdated": "2026-03-26T19:52:11.107Z", "dateReserved": "2026-02-24T10:53:41.124Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-03-26T16:28:07.362Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584"}, {"lang": "es", "value": "Las versiones &lt;=11.4 10.11.11.0 de los plugins de Mattermost no validan las marcas de tiempo de las solicitudes de webhook, lo que permite a un atacante corromper el estado de las reuniones de Zoom en Mattermost mediante solicitudes de webhook repetidas. ID de aviso de Mattermost: MMSA-2026-00584"}], "id": "CVE-2026-3109", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-03-26T17:16:41.967", "references": [{"source": "responsibledisclosure@mattermost.com", "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.11.11]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.5.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.12"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-03-26T17:22:59.181869+00:00", "value": {"mitigation_remediation": ["Apply the Mattermost plugin update to version 11.5.0, 10.11.12, or newer.", "Verify that the updated plugin now enforces timestamp validation for Zoom webhook calls.", "If an immediate patch is not feasible, restrict access to the Zoom webhook endpoint to known trusted IP ranges or disable the integration until remediation is applied.", "Continuously monitor webhook logs for suspicious replay attempts and investigate any anomalies promptly."], "summary": {"action": "Patch", "impact": "Replayable webhook requests can corrupt Zoom meeting state in Mattermost"}, "threat_synthesis": {"affected_systems": "Mattermost Plugins versions 11.4 and earlier, and 10.11.11.0 and earlier, are impacted. This flaw applies specifically to the Zoom integration component that handles webhook callbacks, allowing attackers to abuse replayed webhook requests on affected servers.", "description_and_impact": "The vulnerability arises from a missing validation of timestamps in the Zoom webhook handler of Mattermost Plugins. Since the plugin does not verify that incoming webhook messages are fresh, an attacker can replay old requests, which in turn can manipulate the state of Zoom meetings integrated within Mattermost, potentially leading to unauthorized configuration changes or disabling of meetings. The weakness is categorized as CWE\u2011754.", "risk_and_exploitability": "The CVSS score of 2.2 indicates a low severity under normal circumstances, and the vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation would require an attacker to send replayed webhook requests to the vulnerable Mattermost instance, typically over the Internet via the Zoom API. The most likely attack vector is remote web traffic targeting the Zoom webhook endpoint, and the presence of no EPSS score suggests low current exploit activity. Overall, while the impact to a single meeting is limited, the ability to repeatedly manipulate meeting state poses a moderate operational risk."}}}}, "created": "2026-03-27T08:33:53.068148+00:00", "updated": "2026-03-27T09:26:19.289297+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}