Mattermost Plugins Webhook Timestamp Validation Vulnerability Allowing Zoom Meeting State Corruption

Vulnerability

A vulnerability exists in Mattermost Plugins versions through 11.4 and 10.11.11.0, where the webhook request timestamps are not properly validated. This flaw enables an attacker to manipulate the state of Zoom meetings within Mattermost by replaying webhook requests. Mattermost Advisory ID: MMSA-2026-00584

Impact

Exploitation of this vulnerability can lead to unauthorized manipulation of Zoom meeting states in Mattermost, potentially causing disruptions or mismanagement of scheduled meetings.

Remediation

Users can upgrade to Mattermost Plugins version 11.5.0, 11.4.3, 11.3.2 or 11.6.0, 10.11.13, 11.5.1, 11.4.3, 11.3.3 to address this vulnerability.

Added: Mar 26, 2026, 5:26 PM
Updated: Mar 26, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.