Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-3116
4.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
Improper Input Validation in Zoom Plugin Webhook Handler
Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589
References
-
MMSA-2026-00589 vendor-advisory
Affected products
Mattermost
- ==11.3.2
- =<10.11.11
- =<11.1.3
- ==11.5.0
- ==11.2.4
- ==10.11.12
- ==11.4.1
- =<11.3.2
- =<11.0.4
Matching in nixpkgs
pkgs.mattermost
Open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermostLatest
Open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermost-desktop
Mattermost Desktop client
pkgs.python312Packages.mattermostdriver
None
pkgs.python313Packages.mattermostdriver
Python Mattermost Driver
pkgs.python314Packages.mattermostdriver
Python Mattermost Driver
Package maintainers
-
@ryantm Ryan Mulligan <ryan@ryantm.com>
-
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@liff Olli Helenius <liff@iki.fi>
-
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>