Platform
mattermost
Component
mattermost
Fixed in
2.3.2.0
1.15.1-0.20260213190728-6fe4d295592e
CVE-2026-24661 describes a denial-of-service (DoS) vulnerability affecting Mattermost Plugins versions from 0.0.0 up to and including 2.3.2.0. An attacker can exploit this flaw by sending excessively large JSON payloads to the /changes webhook endpoint, leading to memory exhaustion and potential service disruption. The vulnerability has been assigned Mattermost Advisory ID MMSA-2026-00611 and a CVSS score of 3.7 (LOW). A fix is available in version 2.3.2.0.
This vulnerability allows an authenticated attacker to cause a denial-of-service condition within a Mattermost instance. By crafting and sending oversized JSON payloads to the /changes webhook endpoint, the attacker can exhaust server memory. This can leave the Mattermost service unresponsive, preventing legitimate users from communicating and collaborating. The impact is primarily on availability, though a prolonged outage could lead to data loss if critical operations are interrupted. The attack requires authentication, which limits the pool of potential attackers to those who already have access to the Mattermost system.
CVE-2026-24661 was publicly disclosed on 2026-04-09. There is no indication of active exploitation at this time. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept (PoC) code is not yet available, but the vulnerability's nature makes it relatively straightforward to exploit.
Organizations using Mattermost Plugins, particularly those with custom integrations or automation workflows that rely on the /changes webhook endpoint, are at risk. Environments with limited server resources or inadequate monitoring are especially exposed to the impact of a denial-of-service attack.
• linux / server: Monitor Mattermost server resource utilization (CPU, memory) using tools like top, htop, or vmstat. Look for sudden spikes in memory usage, particularly by the Mattermost process. Use journalctl -u mattermost to check for memory allocation failures or out-of-memory errors; if the kernel OOM killer terminated the process, the record is in the kernel log (journalctl -k) rather than the service log.
journalctl -u mattermost -g 'out of memory|memory allocation'
• generic web: Monitor Mattermost server access logs for unusually large POST requests to the /changes webhook endpoint. Use grep to search for requests exceeding a predefined size threshold. Note that the default nginx "combined" log format records the response size ($body_bytes_sent), not the request size, so the access log must be configured to record the request's Content-Length (or $request_length) for a pattern like the one below to match; the threshold here is one million bytes.
grep -E 'POST [^ ]*/changes[^ ]* .*Content-Length: [1-9][0-9]{6,}' /var/log/nginx/access.log
Exploit status
EPSS
0.05% (16th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-24661 is to upgrade Mattermost Plugins to version 2.3.2.0 or later, which includes the fix for this vulnerability. If an immediate upgrade is not feasible, consider temporary workarounds such as rate limiting requests to the /changes webhook endpoint. Additionally, provision the Mattermost server with enough memory to absorb legitimate traffic spikes. Monitor server resource utilization (CPU, memory) for unusual patterns that might indicate an ongoing attack. After upgrading, confirm the fix by sending a large JSON payload to the /changes webhook endpoint and verifying that the server does not experience memory exhaustion or service disruption.
Update the /changes plugin to version 2.3.2.0 or later to mitigate the vulnerability. This update limits the request body size, preventing memory exhaustion and denial of service.
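The request-body limit described above, shown as an added Go example (Mattermost server plugins are written in Go) that is not the plugin's or Mattermost's own code: a webhook handler that decodes JSON with no cap beside one that wraps the body in http.MaxBytesReader before decoding. The handler names, the 64 KiB cap, the /changes route and the payload shape are assumptions for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Byte cap for the /changes body (an assumed value, not the plugin's own setting).
const maxChangesBody = 64 << 10

// Vulnerable form: no cap, so the decoder buffers whatever the client streams.
func handleChangesVulnerable(w http.ResponseWriter, r *http.Request) {
	// json.RawMessage is a stand-in for whatever the real webhook decodes.
	if err := json.NewDecoder(r.Body).Decode(new(json.RawMessage)); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// Hardened form: MaxBytesReader fails the read past the cap, whatever Content-Length says.
func handleChangesHardened(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxChangesBody)
	if err := json.NewDecoder(r.Body).Decode(new(json.RawMessage)); err != nil {
		status := http.StatusBadRequest
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			status = http.StatusRequestEntityTooLarge // 413
		}
		http.Error(w, err.Error(), status)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// postChanges drives a handler with a constructed request and returns the status code.
func postChanges(h http.HandlerFunc, body string) int {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/changes", strings.NewReader(body)))
	return rec.Code
}

func main() {
	big := `{"changes":[` + strings.Repeat("{},", 40000) + "{}]}" // constructed ~120 KB input
	fmt.Println(postChanges(handleChangesVulnerable, big), postChanges(handleChangesHardened, big)) // 200 413
}
```

The same limit can be applied at a reverse proxy in front of the server, but the in-process cap is what stops the decoder from buffering an unbounded body.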
CVE-2026-24661 is a denial-of-service vulnerability in Mattermost Plugins versions 0.0.0–2.3.2.0 where an attacker can cause memory exhaustion by sending oversized JSON payloads.
You are affected if you are running Mattermost Plugins versions between 0.0.0 and 2.3.2.0, inclusive. Upgrade to 2.3.2.0 or later to mitigate the risk.
Upgrade Mattermost Plugins to version 2.3.2.0 or later. As a temporary workaround, implement rate limiting on the /changes webhook endpoint.
There is currently no indication of active exploitation of CVE-2026-24661.
You can find the official Mattermost advisory for CVE-2026-24661 at Mattermost Advisory ID: MMSA-2026-00611.