VYPR
Low severity3.7NVD Advisory· Published Apr 9, 2026· Updated Apr 25, 2026

CVE-2026-21388

CVE-2026-21388

Description

Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost-plugin-msteamsGo
< 1.15.1-0.20260213190728-6fe4d295592e1.15.1-0.20260213190728-6fe4d295592e

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.