Impact
Mattermost versions 11.7.x through 10.11.x fail to validate the length and content of message attachment fields, allowing an authenticated user to embed a specially crafted payload that triggers catastrophic backtracking in the client‑side markdown parser. The flaw leads to a denial of service for all users in a channel by exhausting client resources and rendering the interface unresponsive. The weakness is a regex backtracking issue, identified as CWE‑1333, which directly impacts application availability.
Affected Systems
The vulnerability affects Mattermost products from version 10.11.0 to 10.11.19, 11.6.0 to 11.6.4, and 11.7.0 to 11.7.2. Any installation of Mattermost within these version ranges is susceptible. Administrators should verify the installed release against these affected ranges.
Risk and Exploitability
The CVSS score of 6.5 reflects a moderate severity, and the exploitability is reasonable given the requirement for authentication and the presence of a crafted payload. Because the attack occurs client‑side, malicious content can be shared through normal posting mechanisms; an attacker in a channel can simply post the payload and cause a distributed service disruption for all users. While there is no EPSS score available and the vulnerability is not listed in the CISA KEV catalog, the potential for channel‑wide denial of service is significant for teams relying on continuous collaboration.
OpenCVE Enrichment