Security Advisory

CVE-2026-21388

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 10:09:23

Last updated 2026-04-09 11:44:54

Assigner Mattermost

State PUBLISHED

Description

Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610

← Browse all CVEs View on cve.org ↗