CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-21388

Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.9%

CVSS Severity

CVSS v3 Score 3.7

References

https://mattermost.com/security-updates

Products affected by CVE-2026-21388

Mattermost » Mattermost Server » Version: N/A

cpe:2.3:a:mattermost:mattermost_server:-
Mattermost » Mattermost Server » Version: 0.5.0

cpe:2.3:a:mattermost:mattermost_server:0.5.0
Mattermost » Mattermost Server » Version: 0.6.0

cpe:2.3:a:mattermost:mattermost_server:0.6.0
Mattermost » Mattermost Server » Version: 1.0.0

cpe:2.3:a:mattermost:mattermost_server:1.0.0
Mattermost » Mattermost Server » Version: 1.1.0

cpe:2.3:a:mattermost:mattermost_server:1.1.0
Mattermost » Mattermost Server » Version: 1.1.1

cpe:2.3:a:mattermost:mattermost_server:1.1.1
Mattermost » Mattermost Server » Version: 1.2.0

cpe:2.3:a:mattermost:mattermost_server:1.2.0
Mattermost » Mattermost Server » Version: 1.2.1

cpe:2.3:a:mattermost:mattermost_server:1.2.1
Mattermost » Mattermost Server » Version: 1.3.0

cpe:2.3:a:mattermost:mattermost_server:1.3.0
Mattermost » Mattermost Server » Version: 1.4.0

cpe:2.3:a:mattermost:mattermost_server:1.4.0
Mattermost » Mattermost Server » Version: 2.0.0

cpe:2.3:a:mattermost:mattermost_server:2.0.0
Mattermost » Mattermost Server » Version: 2.1.0

cpe:2.3:a:mattermost:mattermost_server:2.1.0
Mattermost » Mattermost Server » Version: 2.2.0

cpe:2.3:a:mattermost:mattermost_server:2.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-21388

Products

Pricing

Contact Us