CVE-2026-6340
MEDIUM
4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
Description
AI Translation Available
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder declarations.. Mattermost Advisory ID: MMSA-2026-00573
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 3 Days)
789
Memory Allocation with Excessive Size Value
DraftCommon Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Memory)
Applicable Platforms
Languages:
C, C++, Not Language-Specific
Application
Mattermost Server by Mattermost
Version Range Affected
From
10.11.0
(inclusive)
To
10.11.14
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Mattermost Server by Mattermost
Version Range Affected
From
11.5.0
(inclusive)
To
11.5.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Mattermost Server by Mattermost
Version Range Affected
From
11.4.0
(inclusive)
To
11.4.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://mattermost.com/security-updates