Remote Code Execution Vulnerability in Mattermost Desktop App
CVE-2026-8075

6.5MEDIUM

Key Information:

Vendor

Mattermost

Vendor
CVE Published:
17 July 2026

What is CVE-2026-8075?

The Mattermost Desktop App has a vulnerability that allows an attacker to exploit a failure in null-checking for headers. This security flaw permits any user to potentially crash another channel member's app by posting a malicious link that includes an embedded image lacking proper headers. Users of versions 5.5.13, 6.0.2.0, and earlier iterations of 6.2 are particularly at risk. For further details, refer to the relevant Mattermost Advisory.

Affected Version(s)

Mattermost 0 <= 5.5.13

Mattermost 0 <= 6.0.2

Mattermost 6.3.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jopraveen
.