Mattermost Desktop App
cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*
- <= 6.1
- <= 6.0.1
- <= 5.4.13.0
A denial-of-service vulnerability has been identified in the Mattermost Desktop App, affecting versions 6.1, 6.0.1, and 5.4.13.0. The issue arises because the application fails to block invalid URLs from opening in a pop-up window. This flaw allows a malicious server owner to repeatedly crash the application by using a JavaScript alert as the URL payload.
Exploitation of this vulnerability leads to a crash of the Mattermost Desktop application, causing a denial-of-service condition where the application becomes unresponsive or unavailable to the user.
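The missing check described above, as an added example (not Mattermost's code or its actual fix): a gate that decides whether a server-supplied URL may open in a pop-up window. The name `decidePopup`, the constructed server URL `https://chat.example.test`, the 2048-character limit and the same-origin policy are assumptions made for illustration.

```javascript
// Added example: pop-up URL gate for an Electron-style desktop client.
// decidePopup and the policy it encodes are hypothetical, not Mattermost code.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const MAX_URL_LENGTH = 2048; // assumed limit, chosen for this example

// Returns { action: 'allow' | 'deny', reason } for a URL the server asked to open.
function decidePopup(rawUrl, trustedServer) {
  if (typeof rawUrl !== 'string' || rawUrl.length === 0 || rawUrl.length > MAX_URL_LENGTH) {
    return { action: 'deny', reason: 'empty-or-oversized' };
  }

  let target;
  let server;
  try {
    target = new URL(rawUrl);        // throws TypeError on unparsable input
    server = new URL(trustedServer);
  } catch (err) {
    return { action: 'deny', reason: 'unparsable' };
  }

  // javascript:, data:, file: and similar schemes parse successfully,
  // so the scheme must be checked explicitly after parsing.
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    return { action: 'deny', reason: 'scheme:' + target.protocol };
  }

  // Credentials embedded in the URL have no place in a pop-up target.
  if (target.username !== '' || target.password !== '') {
    return { action: 'deny', reason: 'embedded-credentials' };
  }

  // Only the configured server's own origin gets an in-app window;
  // anything else is refused here (a client could hand it to the OS browser).
  if (target.origin !== server.origin) {
    return { action: 'deny', reason: 'foreign-origin' };
  }

  return { action: 'allow', reason: 'same-origin' };
}

// Wiring in an Electron main process (shown as a comment so the block runs offline):
//   win.webContents.setWindowOpenHandler(({ url }) => {
//     const { action } = decidePopup(url, configuredServerUrl);
//     return { action };
//   });
```

Logging the `reason` value for every denied request gives a record of a server that repeatedly sends non-web URLs to its clients.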