Primary

Context

Mattermost Infinite Re-Render Vulnerability Leading to Application-Level Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Mattermost versions 10.11.x prior to 10.11.9, 11.1.x prior to 11.1.1, and 11.0.x prior to 11.0.6. The issue arises because these versions fail to properly handle API errors, allowing authenticated users to create infinite re-render loops in the application. This unbounded component re-rendering can cause significant disruption to the application's normal functioning.

Impact

Exploitation of this vulnerability can lead to application-level denial-of-service, causing the application to become unresponsive or slow due to the excessive re-rendering of components.

Remediation

Users can upgrade to Mattermost versions 11.3.010.11.10 or 11.2.010.11.911.1.211.0.7 to address this vulnerability.

Added: Jan 16, 2026, 12:20 PM

Updated: Jan 16, 2026, 4:07 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

7.7

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

7.7

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Infinite Re-Render Vulnerability Leading to Application-Level Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating