Mattermost ANSI Escape Sequence Vulnerability in mmctl Commands

Vulnerability

A vulnerability exists in Mattermost versions 11.2.x through 11.2.2, 10.11.x through 10.11.10, 11.4.x through 11.4.0, and 11.3.x through 11.3.1. These versions fail to properly sanitize user-controlled post content in the terminal output of mmctl commands. This allows attackers to manipulate administrator terminals by sending crafted messages that include ANSI and OSC escape sequences. Such manipulation can lead to screen alterations, the creation of fake prompts, and unauthorized access to the clipboard.

Impact

Exploitation of this vulnerability could result in unauthorized manipulation of administrator terminal sessions, including screen disruptions, the introduction of deceptive prompts, and interception of clipboard contents.

Remediation

Users can upgrade to Mattermost versions 11.5.0, 11.6.0, or 11.4.3 to address this vulnerability.
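
For tooling that prints untrusted text to a terminal, the class of fix is to neutralize control characters before output. The following is an added example, not Mattermost's patch or mmctl code; the helper name SanitizeForTerminal and the sample posts are constructed for illustration. It escapes control characters instead of stripping them, so the attempt stays visible to the administrator.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// SanitizeForTerminal (hypothetical helper, not mmctl code) makes untrusted
// text safe to print by rewriting every control character as visible text.
// ESC (0x1b), BEL, CR, DEL and the C1 range (U+0080-U+009F, which includes
// the single-rune CSI U+009B and OSC U+009D) all become a literal "\xNN",
// so the terminal never sees the start of an ANSI or OSC sequence.
func SanitizeForTerminal(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r == '\n' || r == '\t':
			b.WriteRune(r) // keep ordinary line and column layout
		case unicode.IsControl(r):
			fmt.Fprintf(&b, "\\x%02x", r) // show it, do not execute it
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

func main() {
	// Constructed sample posts, standing in for user-controlled content.
	posts := []string{
		"status update\x1b[2J\x1b[Hscreen rewritten", // CSI: clear, home
		"hello\x1b]0;constructed title\x07",          // OSC: set title
		"line one\rOVERWRITE",                        // bare carriage return
		"caf\u00e9\tplain text is untouched",
	}
	for _, p := range posts {
		fmt.Println(SanitizeForTerminal(p))
	}
}
```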

Added: Mar 26, 2026, 5:30 PM
Updated: Mar 26, 2026, 5:30 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.4
exploitability: 4.6
remediation: 7.7
relevance: 4.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.