Denial of Service Vulnerability in Mattermost
CVE-2026-5308

4.9 MEDIUM

Key Information:

Vendor: Mattermost

CVE Published: 22 May 2026

What is CVE-2026-5308?

Mattermost versions up to 11.6.0 in the 11.6.x series, 11.5.3 in the 11.5.x series, 11.4.4 in the 11.4.x series, and 10.11.14 in the 10.11.x series are susceptible to a denial of service attack. This vulnerability arises from the failure to enforce request body size limits on plugin HTTP endpoints. An attacker could exploit this weakness by sending specially crafted oversized HTTP requests, potentially disrupting service availability.

Affected Version(s)

Mattermost 11.6.0

Mattermost 11.5.0 <= 11.5.3

Mattermost 11.4.0 <= 11.4.4

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

thecybertantrik