Description
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID: MMSA-2025-00537
INFO
Published Date :
2026-03-16T20:10:16.644Z
Last Modified :
2026-03-16T20:10:16.644Z
Source :
Mattermost
AFFECTED PRODUCTS
The following products are affected by CVE-2026-2454 vulnerability.
No data.
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2454.
| URL | Resource |
|---|---|
| https://mattermost.com/security-updates |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact