{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3116", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2026-02-24T11:10:17.757Z", "datePublished": "2026-03-26T16:19:32.607Z", "dateUpdated": "2026-03-26T17:51:14.971Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.0.4", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "11.1.3", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "11.3.2", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.11", "status": "affected", "version": "0", "versionType": "semver"}, {"version": "11.5.0", "status": "unaffected"}, {"version": "11.4.1", "status": "unaffected"}, {"version": "11.3.2", "status": "unaffected"}, {"version": "11.2.4", "status": "unaffected"}, {"version": "10.11.12", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "thecybertantrik"}], "descriptions": [{"lang": "en", "value": "Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM", "baseScore": 4.9}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-400 Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00589", "tags": ["vendor-advisory"]}], "solutions": [{"value": "Update Mattermost Plugins to versions 11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2026-00589", "defect": ["https://mattermost.atlassian.net/browse/MM-67303"], "discovery": "EXTERNAL"}, "title": "Improper Input Validation in Zoom Plugin Webhook Handler", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:19:32.607Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:37:45.639766Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:51:14.971Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:37:45.639766Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:47:33.539Z"}}], "cna": {"title": "Improper Input Validation in Zoom Plugin Webhook Handler", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-67303"], "advisory": "MMSA-2026-00589", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "thecybertantrik"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "11.0.4"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "11.1.3"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "11.3.2"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "10.11.11"}, {"status": "unaffected", "version": "11.5.0"}, {"status": "unaffected", "version": "11.4.1"}, {"status": "unaffected", "version": "11.3.2"}, {"status": "unaffected", "version": "11.2.4"}, {"status": "unaffected", "version": "10.11.12"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost Plugins to versions 11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12 or higher."}], "references": [{"url": "https://mattermost.com/security-updates", "name": "MMSA-2026-00589", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2026-03-26T16:19:32.607Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3116", "state": "PUBLISHED", "dateUpdated": "2026-03-26T17:51:14.971Z", "dateReserved": "2026-02-24T11:10:17.757Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2026-03-26T16:19:32.607Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589"}, {"lang": "es", "value": "Las versiones de los plugins de Mattermost &lt;=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 no validan el tama\u00f1o de las solicitudes entrantes, lo que permite a un atacante autenticado causar interrupci\u00f3n del servicio a trav\u00e9s del endpoint de webhook. ID de aviso de Mattermost: MMSA-2026-00589"}], "id": "CVE-2026-3116", "lastModified": "2026-03-30T13:26:50.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2026-03-26T17:16:42.823", "references": [{"source": "responsibledisclosure@mattermost.com", "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,11.0.4]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,11.1.3]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,11.3.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.11.11]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.5.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.3.2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.2.4"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.12"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Mattermost", "source": "cna", "vendor": "Mattermost"}, "product": "mattermost", "vendor": "mattermost"}], "analysis": {"en": {"generated_at": "2026-03-26T17:24:31.291793+00:00", "value": {"mitigation_remediation": ["Update Mattermost plugins to a patched version (11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12 or newer).", "Verify the plugin version on your Mattermost instance using the plugin management interface.", "If an update momentarily disrupts services, test in a staging environment before redeploying."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Any Mattermost installation running the Zoom plugin on versions up to 11.4, 11.0.4, 11.1.3, 11.3.2, or 10.11.11.0 is affected. These versions fail to enforce request size limits, leaving the webhook endpoint open to abuse.", "description_and_impact": "Mattermost plugins allow a webhook endpoint to process incoming requests without validating the request size. An authenticated attacker can send oversized or malformed payloads that overwhelm the service, leading to a loss of availability for all users. The vulnerability is a classic resource exhaustion weakness (CWE\u2011400). The impact is limited to service disruption and does not expose data or allow code execution.", "risk_and_exploitability": "The CVSS score of 4.9 indicates a moderate severity. Because the attacker must be authenticated, exploitation requires legitimate access to the Mattermost instance, but a single authenticated user can trigger a denial of service that impacts all users. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, reducing immediate visibility of exploitation. Still, organizations that host Mattermost should treat this as a moderate risk due to its availability impact and the ease of sending crafted requests once authenticated."}}}}, "created": "2026-03-27T08:33:58.627400+00:00", "updated": "2026-03-27T09:26:25.022981+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}