Description
Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584
Published: 2026-03-26
Score: 2.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Replayable webhook requests can corrupt Zoom meeting state in Mattermost
Action: Patch
AI Analysis

Impact

The vulnerability arises from missing validation of timestamps in the Zoom webhook handler of Mattermost Plugins. Because the plugin does not verify that incoming webhook messages are fresh, an attacker can replay previously captured requests, which in turn can manipulate the state of Zoom meetings integrated within Mattermost, potentially leading to unauthorized configuration changes or disabling of meetings. The weakness is categorized as CWE-754 (Improper Check for Unusual or Exceptional Conditions).

Affected Systems

Mattermost Plugins versions 11.4 and earlier, and 10.11.11.0 and earlier, are impacted. This flaw applies specifically to the Zoom integration component that handles webhook callbacks, allowing attackers to abuse replayed webhook requests on affected servers.

Risk and Exploitability

The CVSS v3.1 score of 2.2 (AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L) indicates low severity: the endpoint is network-reachable, but exploitation requires high attack complexity and high privileges, and the only rated impact is a limited loss of availability. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Exploitation would require an attacker to deliver replayed webhook requests to the Zoom webhook endpoint exposed by the vulnerable Mattermost instance, so the most likely attack vector is remote web traffic to that endpoint; the EPSS score below 1% suggests low current exploit activity. Overall, while the impact to a single meeting is limited, the ability to repeatedly manipulate meeting state poses a moderate operational risk.

Generated by OpenCVE AI on March 26, 2026 at 17:22 UTC.

Remediation

Vendor Solution

Update Mattermost Plugins to versions 11.5.0, 10.11.12 or higher.


OpenCVE Recommended Actions

  • Apply the Mattermost plugin update to version 11.5.0, 10.11.12, or newer.
  • Verify that the updated plugin now enforces timestamp validation for Zoom webhook calls.
  • If an immediate patch is not feasible, restrict access to the Zoom webhook endpoint to known trusted IP ranges or disable the integration until remediation is applied.
  • Continuously monitor webhook logs for suspicious replay attempts and investigate any anomalies promptly.
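The freshness check that the Impact section says was missing, and that the second recommended action asks operators to verify, looks like the following. This is an added illustration written for this page, not code from the Mattermost Zoom plugin or from Zoom. It assumes Zoom's published webhook verification scheme (an `x-zm-request-timestamp` header and an `x-zm-signature` header holding `v0=` plus the hex HMAC-SHA256 of `v0:<timestamp>:<body>` under the app's secret token); the header names, the five-minute window, the secret and the sample event body are all assumptions or constructed values. Beyond the simple timestamp window, it also refuses an exact repeat of an already-accepted signature inside that window, which closes the replay gap the window alone leaves open.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"sync"
	"time"
)

// Header names follow Zoom's published webhook verification scheme; they are an
// assumption of this example, not something stated in the advisory.
const (
	HeaderTimestamp = "x-zm-request-timestamp"
	HeaderSignature = "x-zm-signature"
	MaxSkew         = 5 * time.Minute // freshness window; anything outside it is treated as a replay
)

var (
	ErrBadTimestamp = errors.New("webhook: missing or malformed timestamp")
	ErrStale        = errors.New("webhook: timestamp outside freshness window (replay?)")
	ErrBadSignature = errors.New("webhook: signature mismatch")
	ErrDuplicate    = errors.New("webhook: signature already accepted inside window (replay)")
)

// ComputeSignature returns "v0=" + hex(HMAC-SHA256(secret, "v0:<ts>:<body>")).
// Covering the timestamp with the MAC is what stops an attacker from simply
// refreshing the timestamp on a captured request.
func ComputeSignature(secret, ts string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte("v0:" + ts + ":"))
	mac.Write(body)
	return "v0=" + hex.EncodeToString(mac.Sum(nil))
}

// ReplayGuard remembers signatures accepted inside the freshness window so that a
// captured request cannot be replayed while its timestamp is still fresh.
type ReplayGuard struct {
	mu   sync.Mutex
	seen map[string]time.Time // signature -> time it was first accepted
}

func NewReplayGuard() *ReplayGuard { return &ReplayGuard{seen: make(map[string]time.Time)} }

// Validate checks authenticity, then freshness, then uniqueness, in that order,
// so an unauthenticated request never influences the dedup cache.
func (g *ReplayGuard) Validate(secret string, headers map[string]string, body []byte, now time.Time) error {
	ts := headers[HeaderTimestamp]
	sig := headers[HeaderSignature]

	// 1. Authenticity: constant-time comparison so the check does not leak MAC bytes.
	expected := ComputeSignature(secret, ts, body)
	if !hmac.Equal([]byte(expected), []byte(sig)) {
		return ErrBadSignature
	}

	// 2. Freshness: reject anything more than MaxSkew away from the receiver's clock
	// in either direction (tolerates modest clock drift, rejects old captures).
	unix, err := strconv.ParseInt(ts, 10, 64)
	if err != nil {
		return ErrBadTimestamp
	}
	delta := now.Sub(time.Unix(unix, 0))
	if delta < 0 {
		delta = -delta
	}
	if delta > MaxSkew {
		return ErrStale
	}

	// 3. Uniqueness inside the window: evict expired entries, then refuse exact repeats.
	g.mu.Lock()
	defer g.mu.Unlock()
	for k, t := range g.seen {
		if now.Sub(t) > MaxSkew {
			delete(g.seen, k)
		}
	}
	if _, dup := g.seen[sig]; dup {
		return ErrDuplicate
	}
	g.seen[sig] = now
	return nil
}

func main() {
	secret := "constructed-example-secret" // constructed; a real deployment uses the app's secret token
	body := []byte(`{"event":"meeting.ended","payload":{"object":{"id":"123"}}}`) // constructed sample event
	sent := time.Unix(1_700_000_000, 0)
	ts := strconv.FormatInt(sent.Unix(), 10)
	hdrs := map[string]string{HeaderTimestamp: ts, HeaderSignature: ComputeSignature(secret, ts, body)}
	g := NewReplayGuard()
	fmt.Println("fresh delivery:     ", g.Validate(secret, hdrs, body, sent.Add(3*time.Second)))
	fmt.Println("replay in window:   ", g.Validate(secret, hdrs, body, sent.Add(30*time.Second)))
	fmt.Println("replay 10 min later:", g.Validate(secret, hdrs, body, sent.Add(10*time.Minute)))
	forged := map[string]string{HeaderTimestamp: ts, HeaderSignature: "v0=deadbeef"}
	fmt.Println("forged signature:   ", g.Validate(secret, forged, body, sent.Add(3*time.Second)))
}
```

The order of the checks matters for operations as much as for security: because the signature is verified first, every `ErrStale` or `ErrDuplicate` in the handler's logs refers to an authentically signed message arriving out of its window, which is exactly the "suspicious replay attempt" the monitoring recommendation above asks operators to look for.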



Advisories

No advisories yet.

References
History

Fri, 27 Mar 2026 08:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Mattermost; Mattermost mattermost
Vendors & Products                    Mattermost; Mattermost mattermost

Thu, 26 Mar 2026 20:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 16:45:00 +0000

Type          Values Removed   Values Added
Description                    Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584
Title                          Missing timestamp validation in Zoom webhook handler
Weaknesses                     CWE-754
References                     (none)
Metrics                        cvssV3_1: {'score': 2.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2026-03-26T19:52:11.107Z

Reserved: 2026-02-24T10:53:41.124Z

Link: CVE-2026-3109

Vulnrichment

Updated: 2026-03-26T19:50:43.961Z

NVD

Status: Undergoing Analysis

Published: 2026-03-26T17:16:41.967

Modified: 2026-03-30T13:26:50.827

Link: CVE-2026-3109

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:26:19Z

Weaknesses