Mattermost Desktop App Denial-of-Service Vulnerability via Server-Rendered Content

Vulnerability

A denial-of-service vulnerability has been identified in the Mattermost Desktop App, affecting versions 6.1, 6.0.1, and 5.4.13.0. The issue arises because the application fails to properly manage server-rendered content, allowing a malicious server or plugin to close an underlying application view. This is achieved by invoking 'window.close()' in the renderer context, which crashes the desktop client and disrupts the user's experience.

Impact

Exploitation of this vulnerability leads to a crash of the Mattermost Desktop client, causing a denial-of-service condition at the client level.

Remediation

Users are advised to update to the latest version of the Mattermost Desktop App. Details on the security update will be posted on the Mattermost Security Updates page.

Added: May 18, 2026, 9:24 AM
Updated: May 18, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 8.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.