High severityNVD Advisory· Published Mar 26, 2026· Updated Mar 27, 2026
Terminal Escape Injection in mmctl Report Posts Command
CVE-2026-3108
Description
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/mattermost/mattermost/server/v8Go | >= 11.4.0-rc1, < 11.4.1 | 11.4.1 |
github.com/mattermost/mattermost/server/v8Go | >= 11.3.0-rc1, < 11.3.2 | 11.3.2 |
github.com/mattermost/mattermost/server/v8Go | >= 11.2.0-rc1, < 11.2.3 | 11.2.3 |
github.com/mattermost/mattermost/server/v8Go | >= 10.11.0-rc1, < 10.11.11 | 10.11.11 |
github.com/mattermost/mattermost/server/v8Go | >= 8.0.0-20260105080200-d27a2195068d, < 8.0.0-20260217110922-b7d4a1f1f59b | 8.0.0-20260217110922-b7d4a1f1f59b |
Affected products
2- Range: 11.2.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-3439-vqgj-2gcfghsaADVISORY
- mattermost.com/security-updatesghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-3108ghsaADVISORY
News mentions
0No linked articles in our index yet.