Mattermost Plugins Request Size Validation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Mattermost Plugins versions 10.11.11.0 and 11.0.4, as well as in the 11.1.3 and 11.3.2 releases. These versions fail to properly validate the size of incoming requests to the webhook endpoint. This oversight allows an authenticated attacker to disrupt service by sending oversized requests.

Impact

Exploitation of this vulnerability can cause a service disruption by overwhelming the server with large requests, potentially leading to degraded performance or unavailability of the Mattermost instance.

Remediation

Users can upgrade to Mattermost Plugins version 11.5.0, 11.4.2, or 11.3.3 to address this vulnerability.
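
The advisory does not show the affected code or the patch. As an added illustration of the missing check (not Mattermost's code or its fix), the Go example below bounds a webhook body both by declared length and by bytes actually read; `readBounded`, `webhookHandler`, `statusFor` and the 1 MiB limit are assumptions made for the example.

```go
package main
import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxWebhookBody = 1 << 20 // assumed 1 MiB limit for this example

// readBounded returns the body, or the HTTP status explaining the refusal.
func readBounded(w http.ResponseWriter, r *http.Request, limit int64) ([]byte, int) {
	if r.ContentLength > limit { // cheap early reject on a declared oversize
		return nil, http.StatusRequestEntityTooLarge
	}
	// Content-Length may be absent (chunked) or wrong, so cap the actual read too.
	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, limit))
	if errors.As(err, new(*http.MaxBytesError)) {
		return nil, http.StatusRequestEntityTooLarge
	} else if err != nil {
		return nil, http.StatusBadRequest
	}
	return body, http.StatusOK
}

// webhookHandler is a hypothetical handler, not Mattermost plugin code.
func webhookHandler(w http.ResponseWriter, r *http.Request) {
	if body, status := readBounded(w, r, maxWebhookBody); status != http.StatusOK {
		http.Error(w, http.StatusText(status), status)
	} else {
		fmt.Fprintf(w, "accepted %d bytes", len(body))
	}
}

// statusFor sends a constructed n-byte body; hideLength mimics a chunked upload.
func statusFor(n int, hideLength bool) int {
	req := httptest.NewRequest(http.MethodPost, "/webhook", strings.NewReader(strings.Repeat("a", n)))
	if hideLength {
		req.ContentLength = -1
	}
	rec := httptest.NewRecorder()
	webhookHandler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(1024, false), statusFor(maxWebhookBody+1, false), statusFor(maxWebhookBody+1, true))
}
```

A body of exactly the limit is accepted; one byte more is refused with 413 whether or not the length was declared.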

Added: Mar 26, 2026, 5:20 PM
Updated: Mar 26, 2026, 5:20 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.