Primary

Context

Mattermost External SVG Rendering Vulnerability Leading to Application Crash

Vulnerability

Patched

A vulnerability exists in Mattermost versions 11.4.x through 11.4.0, 11.3.x through 11.3.1, 11.2.x through 11.2.3, and 10.11.x through 10.11.11. These versions fail to properly handle external SVGs in link embeds, allowing unauthenticated users to crash the Mattermost web and desktop applications by creating an issue or pull request on GitHub.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, crashing the Mattermost web and desktop applications.

Remediation

Users can upgrade to Mattermost versions 11.5.0 or 11.6.0 to address this vulnerability.

Added: Mar 25, 2026, 9:41 PM

Updated: Mar 25, 2026, 9:41 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.7

exploitability

6.4

remediation

7.7

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.7

exploitability

6.4

remediation

7.7

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost External SVG Rendering Vulnerability Leading to Application Crash

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating