Denial of Service Vulnerability in Mattermost by Mattermost, Inc.
CVE-2026-6850
6.5MEDIUM
What is CVE-2026-6850?
Mattermost versions 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) contain a security flaw that compromises the validation of message attachment lengths. This flaw permits authenticated attackers to launch a denial of service attack against all users within a channel. By submitting a meticulously crafted payload that induces catastrophic backtracking in the client-side markdown parser, an attacker can disrupt normal operations and prevent users from accessing essential channel communications.
Affected Version(s)
Mattermost 11.7.0 <= 11.7.2
Mattermost 11.6.0 <= 11.6.4
Mattermost 10.11.0 <= 10.11.19