MS Teams 插件 {{/lifecycle}} Webhook 端点中未限制的请求体读取

Mattermost Plugins版本低于2.3.2.0的CVE-2026-21388允许经过身份验证的攻击者通过向'{{/lifecycle}}' webhook端点发送过大的JSON负载，导致内存耗尽和拒绝服务（DoS）。由于缺乏对请求体大小的限制，恶意攻击者可以使服务器被数据淹没，消耗资源，并可能干扰其他用户的服务。此漏洞的严重性在于它可能影响Mattermost系统的可用性，尤其是在webhook被广泛用于与其他应用程序集成的环境中。

Organizations utilizing Mattermost Plugins, particularly those with custom integrations or plugins that heavily rely on webhooks, are at risk. Environments with weak authentication controls or compromised user accounts are more vulnerable, as successful exploitation requires authentication. Shared hosting environments where multiple users share the same Mattermost instance could also be affected.

• linux / server: Monitor Mattermost plugin process memory usage using top or htop. Look for unusually high memory consumption.

top -u mattermost

• generic web: Examine Mattermost access logs for unusually large POST requests to the {{/lifecycle}} endpoint.

grep '{{/lifecycle}}' /var/log/nginx/access.log | awk '{print $7}' | sort -n | tail -1

• go: Review Mattermost plugin code for proper request body size validation on the {{/lifecycle}} endpoint. Look for missing or inadequate size checks.

1. 2026-04-09Disclosure

   disclosure

1. 已保留2026-02-11
2. 发布日期2026-04-09
3. EPSS 更新日期2026-04-16

为了减轻与CVE-2026-21388相关的风险，强烈建议将Mattermost Plugins升级到版本2.3.2.0或更高版本。此更新包含对漏洞的修复，方法是在'{{/lifecycle}}' webhook端点处实施请求体大小限制。此外，请审核现有的webhook配置，以确保它们未被用于发送过大的负载。监控Mattermost服务器的资源使用情况可以帮助检测和响应潜在的拒绝服务攻击。