CVE-2026-3114

216.73.216.6

· Published 26/03/2026 17:16 · Modified 26/03/2026 17:16

Labels: CVE-2026-3114 2026-03-26 CVE-2026-3114 CWE-409 [email protected]

Essential information

Published: 26/03/2026 17:16
Modified: 26/03/2026 17:16
Author: —
Creator: —
CVSS: 6.5 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed archive entry sizes during file extraction which allows authenticated users with file upload permissions to cause a denial of service via crafted zip archives containing highly compressed entries (zip bombs) that exhaust server memory.. Mattermost Advisory ID: MMSA-2026-00598

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
mattermost / mattermost	`cpe:2.3:a:mattermost:mattermost:10.11.0-10.11.11:::::::*`
mattermost / mattermost	`cpe:2.3:a:mattermost:mattermost:11.2.0-11.2.3:::::::*`
mattermost / mattermost	`cpe:2.3:a:mattermost:mattermost:11.3.0-11.3.1:::::::*`
mattermost / mattermost	`cpe:2.3:a:mattermost:mattermost:11.4.0:::::::*`