Mattermost Plugins Request Body Size Limitation Vulnerability in Webhook Endpoint Allowing Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Mattermost Plugins versions through 2.1.3.0. The issue arises because the /changes webhook endpoint does not properly limit the size of incoming JSON payloads. This oversight enables authenticated attackers to send excessively large payloads, causing memory exhaustion and disrupting service.

Impact

Exploitation of this vulnerability leads to memory exhaustion on the server, causing a denial-of-service condition where the application becomes unresponsive or unavailable.

Remediation

Users can upgrade to Mattermost Plugins version 2.1.3.1 or later, where this vulnerability has been addressed.

Added: Apr 9, 2026, 11:26 AM
Updated: Apr 9, 2026, 11:26 AM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.