VDB
CVE-2026-27656
CVE-2026-27656
PUBLISHED
CVSS 5.699999809265137 MEDIUM
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID: MMSA-2026-00595
EPSS 0.04% · 11.5th percentile
Risk Scores
CVSS v3.1
5.699999809265137
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
EPSS Score
0.04%
11.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mattermost | Mattermost | 10.11.12, 11.4.0, 11.3.0 |
| mattermost | mattermost_server | 11.3.0, 11.2.0, 11.4.0 |
Timeline
- Feb 24, 2026 CVE Published
- Mar 25, 2026 Coalition ESS Score
- Mar 25, 2026 PoC Published
- Mar 26, 2026 CVE Updated
- Mar 26, 2026 PoC Published
- Mar 26, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
References
- MMSA-2026-00590 vendor-advisory
- https://mattermost.com/security-updates/ advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-27656 advisory