Low severity2.2NVD Advisory· Published Mar 26, 2026· Updated Jun 8, 2026
CVE-2026-3109
CVE-2026-3109
Description
Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*range: >=10.11.0,<10.11.12
- (no CPE)range: 0
- Range: <=11.4 10.11.11.0
Patches
Vulnerability mechanics
References
1- mattermost.com/security-updatesnvdVendor Advisory
News mentions
0No linked articles in our index yet.