CVE-2026-2454

CVE Database · CVE-2026-2454

CVE-2026-2454

· MEDIUMAnalyzed

CVSS v3.1

5.8

EPSS

0.27%

Published

Mar 16, 2026

Modified

Mar 18, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID: MMSA-2025-00537

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Weaknesses (CWE)

CWE-1287

Affected Products (3)

mattermost · mattermost_server (up to 10.11.11)vulnerable

mattermost · mattermost_server (up to 11.2.3)vulnerable

mattermost · mattermost_server (up to 11.3.1)vulnerable

References (1)

https://mattermost.com/security-updates

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs