Mattermost IPv4-Mapped IPv6 Address Canonicalization Vulnerability Allowing SSRF

Vulnerability

A vulnerability exists in Mattermost versions 11.3.x through 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10. These versions do not canonicalize IPv4-mapped IPv6 addresses before checking them against the reserved-IP validation, so the IPv4 deny list never sees the real IPv4 destination. This oversight allows attackers to perform Server-Side Request Forgery (SSRF) against internal services by supplying IPv4-mapped IPv6 literals such as '::ffff:127.0.0.1' in place of the blocked IPv4 form.

Impact

Exploitation of this vulnerability allows for SSRF attacks, potentially leading to unauthorized access or manipulation of internal services.

Remediation

Users can upgrade to Mattermost versions 11.5.0, 11.4.0, or 11.3.1 to address this vulnerability.
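The following is an added illustration written for this advisory, not Mattermost's own code: it shows how a reserved-IP check built on Go's net/netip misses a v4-mapped v6 literal when the address is not canonicalized, and how calling Unmap() before the prefix check closes the gap. The deny list, function names and sample literals are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Constructed, illustrative deny list of reserved ranges; a real deployment
// would enumerate every range it treats as internal.
var reservedPrefixes = []netip.Prefix{
	netip.MustParsePrefix("127.0.0.0/8"),
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("::1/128"),
}

func inReserved(addr netip.Addr) bool {
	for _, p := range reservedPrefixes {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// isReservedNaive validates the literal exactly as parsed. netip.Prefix.Contains
// never matches a v4-mapped v6 address against an IPv4 prefix, so
// "::ffff:127.0.0.1" is reported as not reserved.
func isReservedNaive(literal string) (bool, error) {
	addr, err := netip.ParseAddr(literal)
	if err != nil {
		return false, err
	}
	return inReserved(addr), nil
}

// isReservedCanonical canonicalizes first: Unmap() rewrites ::ffff:a.b.c.d to
// a.b.c.d and leaves every other address unchanged, so the IPv4 deny list
// applies to the address the request would actually reach.
func isReservedCanonical(literal string) (bool, error) {
	addr, err := netip.ParseAddr(literal)
	if err != nil {
		return false, err
	}
	return inReserved(addr.Unmap()), nil
}

func main() {
	for _, lit := range []string{"127.0.0.1", "::ffff:127.0.0.1", "::ffff:7f00:1", "93.184.216.34"} {
		naive, _ := isReservedNaive(lit)
		canon, _ := isReservedCanonical(lit)
		fmt.Printf("%-18s naive=%-5v canonical=%v\n", lit, naive, canon)
	}
}
```

Note that the hex spelling ::ffff:7f00:1 is the same mapped loopback address as ::ffff:127.0.0.1, so a string-based blocklist of literal spellings would not be a substitute for canonicalizing the parsed address.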

Added: Mar 16, 2026, 3:35 PM
Updated: Mar 16, 2026, 3:35 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 6.8
remediation: 7.7
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.