Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658

Project Subscriptions

Vendors Products
Mattermost Subscribe
Mattermost Subscribe
Advisories

No advisories yet.

Fixes

Solution

Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher.


Workaround

No workaround given by the vendor.

References
History

Mon, 13 Jul 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost
Mattermost mattermost
Vendors & Products Mattermost
Mattermost mattermost

Mon, 13 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
Description Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658
Title Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost
Weaknesses CWE-1333
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2026-07-13T08:13:02.883Z

Reserved: 2026-04-22T10:05:15.625Z

Link: CVE-2026-6850

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T09:30:04Z

Weaknesses