Description
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server, which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services by supplying internal URLs as file attachments in post creation requests. Mattermost Advisory ID: MMSA-2026-00635
Published: 2026-06-26
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mattermost versions 10.11.x through 10.11.18, 11.6.x through 11.6.3, and 11.5.x through 11.5.6 allow attachment URLs provided by users to bypass internal IP address filtering. The lack of validation enables an attacker with access to the MCP server in stdio mode to request arbitrary internal URLs from the server, potentially exfiltrating sensitive information. This flaw falls under CWE-918, representing a server-side request forgery weakness that can compromise confidentiality and possibly integrity of internal services.

Affected Systems

The affected vendor is Mattermost, and the affected product is Mattermost itself. The vulnerability applies to the listed versions: all 10.11.x releases up to 10.11.18, all 11.6.x releases up to 11.6.3, and all 11.5.x releases up to 11.5.6.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. EPSS is not available, so the probability of exploitation is currently unknown. The vulnerability is not listed in CISA KEV. The attack requires the attacker to have access to the MCP server in stdio mode, so the vector is likely internal but could be leveraged by compromised internal users or services with such access.

Generated by OpenCVE AI on June 26, 2026 at 16:24 UTC.

Remediation

Vendor Solution

Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher.


OpenCVE Recommended Actions

  • Upgrade Mattermost to version 11.7.0, 10.11.19, 11.6.4, or 11.5.7 or later as recommended by the vendor
  • Restrict access to the MCP server in stdio mode to trusted administrators and consider disabling attachment URL processing if not required
  • Monitor logs of post creation requests for attachment URLs targeting internal IP ranges and configure alerts for suspicious activity

Generated by OpenCVE AI on June 26, 2026 at 16:24 UTC.
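The core of a fix for this class of weakness is to resolve the attachment host and refuse any URL whose destination is loopback, private, link-local or otherwise non-public before fetching it. The following is an added Go example written for this page, not Mattermost's own code; it assumes a caller-supplied resolver (so it runs offline) and the hypothetical names isInternal and ValidateAttachmentURL.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
)

// Carrier-grade NAT space (100.64.0.0/10) is not covered by netip.Addr.IsPrivate.
var cgnat = netip.MustParsePrefix("100.64.0.0/10")

// isInternal reports whether addr is a non-public destination. Unmap first so an
// IPv4-mapped literal such as ::ffff:127.0.0.1 cannot slip past the IPv4 checks.
func isInternal(addr netip.Addr) bool {
	a := addr.Unmap()
	return a.IsPrivate() || a.IsLoopback() || a.IsUnspecified() ||
		a.IsLinkLocalUnicast() || a.IsLinkLocalMulticast() ||
		a.IsInterfaceLocalMulticast() || a.IsMulticast() || cgnat.Contains(a)
}

// ValidateAttachmentURL accepts only http(s) URLs whose host resolves solely to
// public addresses. Every resolved address is checked, not just the first, and
// the resolver is injected (hypothetical signature) so DNS can be stubbed.
func ValidateAttachmentURL(raw string, resolve func(string) ([]netip.Addr, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("invalid URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return fmt.Errorf("missing host in %q", raw)
	}
	var addrs []netip.Addr
	if ip, perr := netip.ParseAddr(host); perr == nil {
		addrs = []netip.Addr{ip} // IP literal: no DNS lookup needed
	} else if addrs, err = resolve(host); err != nil {
		return fmt.Errorf("resolve %q: %w", host, err)
	}
	if len(addrs) == 0 {
		return fmt.Errorf("host %q resolved to no addresses", host)
	}
	for _, a := range addrs {
		if isInternal(a) {
			return fmt.Errorf("host %q resolves to internal address %s", host, a)
		}
	}
	return nil
}
```

Because DNS can answer differently at fetch time than at check time, the HTTP client should dial the address that passed this check rather than resolving the host a second time.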

History

Fri, 26 Jun 2026 19:15:00 +0000

Type: First Time appeared | Values Removed: - | Values Added: Mattermost; Mattermost mattermost
Type: Vendors & Products | Values Removed: - | Values Added: Mattermost; Mattermost mattermost

Fri, 26 Jun 2026 16:30:00 +0000

Type: Metrics | Values Removed: - | Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type: Description | Values Removed: - | Values Added: Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server, which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services by supplying internal URLs as file attachments in post creation requests. Mattermost Advisory ID: MMSA-2026-00635
Type: Title | Values Removed: - | Values Added: SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
Type: Weaknesses | Values Removed: - | Values Added: CWE-918
Type: References | Values Removed: - | Values Added: -
Type: Metrics | Values Removed: - | Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2026-06-26T15:40:33.300Z

Reserved: 2026-03-17T14:57:10.575Z

Link: CVE-2026-4339

Vulnrichment

Updated: 2026-06-26T15:40:28.917Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T19:00:04Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)