Denial of Service Vulnerability in Mattermost Desktop App
CVE-2026-4643

3.5 LOW

Key Information:

Vendor: Mattermost

CVE Published: 18 May 2026

What is CVE-2026-4643?

The Mattermost Desktop App does not prevent server-rendered content from closing the underlying application views. A malicious server or plugin can call window.close() within the renderer context, causing a denial of service at the client level. This can significantly disrupt users' ability to use the Mattermost client, potentially halting their work until the issue is resolved. Users of affected versions should apply the latest security updates.

Affected Version(s)

Mattermost 0 <= 6.0.1

Mattermost 0 <= 5.4.13

Mattermost 6.2.0

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Devin Binnie