Home

Description

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658

PUBLISHED Reserved 2026-04-22 | Published 2026-07-13 | Updated 2026-07-13 | Assigner Mattermost




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-1333: Inefficient Regular Expression Complexity

Product status

Default status
unaffected

11.7.0 (semver)
affected

11.6.0 (semver)
affected

10.11.0 (semver)
affected

11.8.0
unaffected

11.7.3
unaffected

11.6.5
unaffected

10.11.20
unaffected

Credits

idr finder

References

mattermost.com/security-updates (MMSA-2026-00658) vendor-advisory

cve.org (CVE-2026-6850)

nvd.nist.gov (CVE-2026-6850)

Download JSON