Terminal Manipulation Vulnerability in Mattermost by Mattermost
CVE-2026-3108

8HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-3108?

A significant vulnerability exists in several versions of Mattermost, where user-controlled post content in the mmctl commands terminal output is not properly sanitized. This oversight allows attackers to influence administrator terminals with specially crafted messages that utilize ANSI and OSC escape sequences. These sequences enable malicious activities such as screen manipulation, creation of deceptive prompts, and clipboard hijacking, posing substantial risks to system integrity and user security. Source: MMSA-2026-00599

Affected Version(s)

Mattermost 11.2.0 <= 11.2.2

Mattermost 10.11.0 <= 10.11.10

Mattermost 11.4.0

References

https://mattermost.com/security-updates

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Feb 24, 2026

Credit

winfunc

CVE-2026-3108 Data

JSON