Unrated severityNVD Advisory· Published Mar 16, 2026· Updated Mar 17, 2026
DoS in Calls plugin via malformed msgpack in websocket request.
CVE-2026-2454
Description
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID: MMSA-2025-00537
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=11.3.0, <=11.2.2, <=10.11.10+ 1 more
- (no CPE)range: <=11.3.0, <=11.2.2, <=10.11.10
- (no CPE)range: 11.3.0
Patches
Vulnerability mechanics
References
1- mattermost.com/security-updatesmitrevendor-advisory
News mentions
0No linked articles in our index yet.