Low severity3.7NVD Advisory· Published Apr 9, 2026· Updated Apr 17, 2026
CVE-2026-24661
CVE-2026-24661
Description
Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/mattermost/mattermost-plugin-msteamsGo | < 1.15.1-0.20260213190728-6fe4d295592e | 1.15.1-0.20260213190728-6fe4d295592e |
Affected products
2- ghsa-coordsRange: < 1.15.1-0.20260213190728-6fe4d295592e
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-5rfv-h47g-xj42ghsaADVISORY
- mattermost.com/security-updatesnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-24661ghsaADVISORY
- github.com/mattermost/mattermost-plugin-msteams/commit/6fe4d295592ecc8767d67e69286cbeec01be3210ghsaWEB
- github.com/mattermost/mattermost-plugin-msteams/releases/tag/v2.3.2ghsaWEB
News mentions
0No linked articles in our index yet.