Mattermost Plugins Request Body Size Limitation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Mattermost Plugins versions through 2.3.1. The issue arises because the /lifecycle webhook endpoint does not properly limit the size of incoming JSON payloads. This oversight allows an authenticated attacker to send excessively large payloads, causing memory exhaustion on the server.

Impact

Exploitation of this vulnerability leads to memory exhaustion, causing a denial-of-service condition on the server.

Remediation

Users can upgrade to Mattermost Plugins version 2.3.2 or later, where this vulnerability has been addressed.
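
The class of flaw described above, shown next to a size-capped handler. This is an added example, not Mattermost's code and not the 2.3.2 patch; the handler names, the event schema, the "install" event value and the 64 KiB cap are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxLifecycleBody = 64 << 10 // assumed cap (64 KiB); size it to the largest legitimate event

type lifecycleEvent struct{ Type string `json:"type"` } // hypothetical schema, not the plugin's

// decodeLifecycle parses the JSON body: 413 if a size cap tripped, 400 on any other decode error.
func decodeLifecycle(w http.ResponseWriter, r *http.Request) {
	var ev lifecycleEvent
	if err := json.NewDecoder(r.Body).Decode(&ev); err != nil {
		status := http.StatusBadRequest
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			status = http.StatusRequestEntityTooLarge
		}
		http.Error(w, http.StatusText(status), status)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// unboundedHandler is the flawed pattern: the decoder buffers whatever size the client sends.
func unboundedHandler(w http.ResponseWriter, r *http.Request) { decodeLifecycle(w, r) }

// boundedHandler wraps the body in http.MaxBytesReader before any parsing happens.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxLifecycleBody)
	decodeLifecycle(w, r)
}

// post sends a constructed body to a handler in-process and returns the status code.
func post(h http.HandlerFunc, body string) int {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/lifecycle", strings.NewReader(body)))
	return rec.Code
}

func main() {
	big := `{"type":"` + strings.Repeat("A", 2*maxLifecycleBody) + `"}` // constructed, about 128 KiB
	fmt.Println(post(boundedHandler, `{"type":"install"}`), post(boundedHandler, big), post(unboundedHandler, big))
}
```

A rise in 413 responses on the webhook path after a cap like this is deployed is a useful signal to alert on.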

Added: Apr 9, 2026, 11:28 AM
Updated: Apr 9, 2026, 11:28 AM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.