Denial of Service Vulnerability in Mattermost by Mattermost, Inc.
CVE-2026-6850

6.5MEDIUM

Key Information:

Vendor

Mattermost

Vendor
CVE Published:
13 July 2026

What is CVE-2026-6850?

Mattermost versions 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) contain a security flaw that compromises the validation of message attachment lengths. This flaw permits authenticated attackers to launch a denial of service attack against all users within a channel. By submitting a meticulously crafted payload that induces catastrophic backtracking in the client-side markdown parser, an attacker can disrupt normal operations and prevent users from accessing essential channel communications.

Affected Version(s)

Mattermost 11.7.0 <= 11.7.2

Mattermost 11.6.0 <= 11.6.4

Mattermost 10.11.0 <= 10.11.19

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

idr
.