Vulnerability DatabaseCVE-2026-2456
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-2456
March 16, 2026
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that returns an arbitrarily large response when a user clicks an interactive message button.. Mattermost Advisory ID: MMSA-2026-00571
Affected Packages
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.3.0-rc1 <v11.3.1
Fix Suggestion:
Update to version v11.3.1
github.com/mattermost/mattermost/server/v8 (GO):
Affected version(s) >=v8.0.0-20230429093631-aac4f2337933 <v8.0.0-20260127165411-fe3052073dc6
Fix Suggestion:
Update to version v8.0.0-20260127165411-fe3052073dc6
github.com/mattermost/mattermost/server/v8 (GO):
Affected version(s) >=v8.0.0-20230429093631-aac4f2337933 <v8.0.0-20260127165411-fe3052073dc6
Fix Suggestion:
Update to version v8.0.0-20260127165411-fe3052073dc6
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v10.11.0-rc1 <v10.11.11
Fix Suggestion:
Update to version v10.11.11
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v10.11.0-rc1 <v10.11.11
Fix Suggestion:
Update to version v10.11.11
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.2.0-rc1 <v11.2.3
Fix Suggestion:
Update to version v11.2.3
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.2.0-rc1 <v11.2.3
Fix Suggestion:
Update to version v11.2.3
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v10.11.0-rc1 <v10.11.11
Fix Suggestion:
Update to version v10.11.11
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.3.0-rc1 <v11.3.1
Fix Suggestion:
Update to version v11.3.1
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.2.0-rc1 <v11.2.3
Fix Suggestion:
Update to version v11.2.3
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.2.0-rc1 <v11.2.3
Fix Suggestion:
Update to version v11.2.3
github.com/mattermost/mattermost (GO):
Affected version(s) =v11.3.0 <v11.3.1
Fix Suggestion:
Update to version v11.3.1
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.3.0-rc1 <v11.3.1
Fix Suggestion:
Update to version v11.3.1
github.com/mattermost/mattermost/server/v8 (GO):
Affected version(s) >=v8.0.0-20230429093631-aac4f2337933 <v8.0.0-20260127165411-fe3052073dc6
Fix Suggestion:
Update to version v8.0.0-20260127165411-fe3052073dc6
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v11.3.0-rc1 <v11.3.1
Fix Suggestion:
Update to version v11.3.1
github.com/mattermost/mattermost (GO):
Affected version(s) >=v10.11.0 <v10.11.11
Fix Suggestion:
Update to version v10.11.11
github.com/mattermost/mattermost (GO):
Affected version(s) >=v11.2.0 <v11.2.3
Fix Suggestion:
Update to version v11.2.3
github.com/mattermost/mattermost-server (GO):
Affected version(s) >=v10.11.0-rc1 <v10.11.11
Fix Suggestion:
Update to version v10.11.11
github.com/mattermost/mattermost/server/v8 (GO):
Affected version(s) >=v8.0.0-20230429093631-aac4f2337933 <v8.0.0-20260127165411-fe3052073dc6
Fix Suggestion:
Update to version v8.0.0-20260127165411-fe3052073dc6
Related ResourcesĀ (5)
https://nvd.nist.gov/vuln/detail/CVE-2026-2456
https://github.com/mattermost/mattermost
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-34g8-9fpp-46ch
https://github.com/mattermost/mattermost/commit/fe3052073dc67e3c920baf9fe7efd44ac1d8124c
Do you need more information?
Contact Us
CVSS v4
Base Score:
6
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Memory Allocation with Excessive Size Value
CWE-789
EPSS
Base Score:
0.04