Platform: mattermost
Component: mattermost
Fixed in: 2.3.2.0
Fixed in: 1.15.1-0.20260213190728-6fe4d295592e
CVE-2026-24661 describes a denial-of-service (DoS) vulnerability affecting Mattermost Plugins versions from 0.0.0 up to 2.3.2.0, which the page also lists as the fixed release; treat anything earlier than 2.3.2.0 as affected and check the exact boundary against the advisory. An attacker can exploit the flaw by sending excessively large JSON payloads to the /changes webhook endpoint, which the plugin buffers without a size limit, leading to memory exhaustion and service disruption. The vulnerability has been assigned Mattermost Advisory ID MMSA-2026-00611 and a CVSS score of 3.7 (LOW). A fix is available in version 2.3.2.0.
Exploitation of CVE-2026-24661 allows an authenticated attacker to cause a denial of service in Mattermost. By sending a large JSON payload to the /changes webhook endpoint, the attacker can drive the server's memory use up until the process is killed or becomes unresponsive, taking Mattermost offline for legitimate users. The blast radius is limited to the affected Mattermost instance and its users. Although the CVSS score is low, a DoS can still be significant, especially in environments that depend on the chat platform for critical communication.
CVE-2026-24661 was published on 2026-04-09. Its severity is rated LOW with a CVSS score of 3.7. Mattermost Advisory ID: MMSA-2026-00611. No public proof-of-concept exploits are currently known. The vulnerability is not listed in the CISA KEV catalog, and its EPSS score is 0.05% (16th percentile), indicating a low probability of active exploitation. However, since the attack amounts to nothing more than sending oversized requests, it is advisable to apply the patch promptly.
Organizations running Mattermost Plugins, particularly those with custom integrations or automation workflows that deliver events to the /changes webhook endpoint, are at risk. Instances with limited memory headroom or without resource monitoring are especially exposed to the impact of a denial-of-service attack.
• linux / server: Monitor Mattermost server resource utilization (CPU, memory) using tools like top, htop, or vmstat. Look for sudden spikes in memory usage by the Mattermost process. Use journalctl -u mattermost to check for out-of-memory errors; a Go process that cannot allocate aborts with a "fatal error: runtime: out of memory" message, and a process killed by the kernel OOM killer leaves a trace in the kernel log (dmesg or journalctl -k).
journalctl -u mattermost -g 'out of memory|memory allocation'
• generic web: Monitor the reverse proxy access log for unusually large POST requests to the /changes webhook endpoint. The default nginx combined log format does not record the request size, so add $request_length to the log_format first (the pattern below assumes it is appended as the last field) and then grep for requests above a size threshold, here 1,000,000 bytes. Match the path as the plugin registers it on your instance.
grep -E 'POST [^ ]*/changes[^"]*" .* [1-9][0-9]{6,}$' /var/log/nginx/access.log
EPSS: 0.05% (16th percentile)
The primary mitigation is to upgrade Mattermost Plugins to version 2.3.2.0 or later. Until then, cap the request body size for the /changes webhook endpoint at the reverse proxy (for example with the nginx client_max_body_size directive) or in a web application firewall, so that an oversized request is rejected before it reaches the plugin; rate limiting the endpoint per source is a weaker complement, since a few large requests are enough to exhaust memory. Monitor Mattermost server resource utilization (CPU, memory) for signs of unusual activity. After upgrading, confirm the fix in a test environment by sending an oversized JSON payload to the webhook endpoint and verifying that the server rejects it instead of buffering it in full, with memory use staying flat.
Update the plugin serving the /changes endpoint to version 2.3.2.0 or later to mitigate the vulnerability. This update limits the size of the request body, preventing memory exhaustion and denial of service.
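To show what a request body limit changes in practice, here is an added example that is not the plugin's own code and not taken from the advisory: a minimal /changes-style webhook handler in the unbounded form beside one that wraps the body in http.MaxBytesReader, plus helpers that post a constructed payload and report the status code. The route name, the payload shape, the 1 MiB cap and the 413 response are assumptions for the example; the advisory does not state which limit the real fix in 2.3.2.0 applies.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxChangesBody is an assumed cap for this example; the advisory does not
// state the value used by the real fix.
const maxChangesBody = 1 << 20 // 1 MiB

// changesPayload is a stand-in for whatever the real /changes webhook decodes.
type changesPayload struct {
	Changes []json.RawMessage `json:"changes"`
}

// vulnerableChanges mirrors the weak pattern: the body is decoded with no size
// limit, so the whole payload is buffered in memory before anything is checked.
func vulnerableChanges(w http.ResponseWriter, r *http.Request) {
	var p changesPayload
	if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
		http.Error(w, "bad json", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// hardenedChanges wraps the body in http.MaxBytesReader so reads fail as soon as
// the cap is exceeded; the decoder stops early, the oversized payload is never
// held in full, and the client receives 413 Request Entity Too Large.
func hardenedChanges(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxChangesBody)
	var p changesPayload
	if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
		var mbe *http.MaxBytesError
		if errors.As(err, &mbe) {
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "bad json", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// post sends a constructed JSON body to a handler and returns the status code.
// The "/changes" path is an assumption for the example.
func post(h http.HandlerFunc, body []byte) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/changes", bytes.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	h(rec, req)
	return rec.Code
}

// oversizedPayload builds a syntactically valid JSON body whose single string
// element is n bytes long, i.e. a constructed attacker payload.
func oversizedPayload(n int) []byte {
	var b strings.Builder
	b.WriteString(`{"changes":["`)
	b.WriteString(strings.Repeat("A", n))
	b.WriteString(`"]}`)
	return []byte(b.String())
}

func main() {
	big := oversizedPayload(2 << 20) // 2 MiB, twice the assumed cap
	fmt.Println("vulnerable handler:", post(vulnerableChanges, big)) // 200: whole body buffered and decoded
	fmt.Println("hardened handler:  ", post(hardenedChanges, big))   // 413: read aborted at the cap
}
```

The same check can be done end to end against a staging instance with curl and a generated file, but the recorder-based version above is enough to see the difference in behaviour: the unbounded handler accepts and fully decodes a 2 MiB body, while the capped handler fails the read at 1 MiB and answers 413 without ever holding the complete payload.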
CVE-2026-24661 is a denial-of-service vulnerability in Mattermost Plugins versions earlier than 2.3.2.0 where an attacker can cause memory exhaustion by sending oversized JSON payloads to the /changes webhook endpoint.
You are affected if you are running a Mattermost Plugins version earlier than 2.3.2.0. Upgrade to 2.3.2.0 or later to mitigate the risk.
Upgrade Mattermost Plugins to version 2.3.2.0 or later. As a temporary workaround, cap the request body size for the /changes webhook endpoint at the reverse proxy or WAF, and rate limit the endpoint.
There is currently no indication of active exploitation of CVE-2026-24661.
The official Mattermost advisory for CVE-2026-24661 is MMSA-2026-00611.