CVE-2026-8683 | THREATINT

Description

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID: MMSA-2026-00652

PUBLISHED Reserved 2026-05-15 | Published 2026-06-15 | Updated 2026-06-15 | Assigner Mattermost

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status

unaffected

Any version

affected

6.2.0

unaffected

5.13.6.0

unaffected

Credits

game0v3r finder

References

mattermost.com/security-updates (MMSA-2026-00652) vendor-advisory

cve.org (CVE-2026-8683)

nvd.nist.gov (CVE-2026-8683)

Download JSON