CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-21388

Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.7%

CVSS Severity

CVSS v3 Score 3.7

References

https://mattermost.com/security-updates

Products affected by CVE-2026-21388

Mattermost » Mattermost » Version: N/A

cpe:2.3:a:mattermost:mattermost:-
Mattermost » Mattermost » Version: 1.21.0

cpe:2.3:a:mattermost:mattermost:1.21.0
Mattermost » Mattermost » Version: 1.21.1

cpe:2.3:a:mattermost:mattermost:1.21.1
Mattermost » Mattermost » Version: 1.21.2

cpe:2.3:a:mattermost:mattermost:1.21.2
Mattermost » Mattermost » Version: 1.22.0

cpe:2.3:a:mattermost:mattermost:1.22.0
Mattermost » Mattermost » Version: 1.22.1

cpe:2.3:a:mattermost:mattermost:1.22.1
Mattermost » Mattermost » Version: 1.23.0

cpe:2.3:a:mattermost:mattermost:1.23.0
Mattermost » Mattermost » Version: 1.23.1

cpe:2.3:a:mattermost:mattermost:1.23.1
Mattermost » Mattermost » Version: 1.24.0

cpe:2.3:a:mattermost:mattermost:1.24.0
Mattermost » Mattermost » Version: 1.25.0

cpe:2.3:a:mattermost:mattermost:1.25.0
Mattermost » Mattermost » Version: 1.25.1

cpe:2.3:a:mattermost:mattermost:1.25.1
Mattermost » Mattermost » Version: 1.26.0

cpe:2.3:a:mattermost:mattermost:1.26.0
Mattermost » Mattermost » Version: 1.26.1

cpe:2.3:a:mattermost:mattermost:1.26.1
Mattermost » Mattermost » Version: 1.26.2

cpe:2.3:a:mattermost:mattermost:1.26.2
Mattermost » Mattermost » Version: 1.27.0

cpe:2.3:a:mattermost:mattermost:1.27.0
Mattermost » Mattermost » Version: 1.27.1

cpe:2.3:a:mattermost:mattermost:1.27.1
Mattermost » Mattermost » Version: 1.28.0

cpe:2.3:a:mattermost:mattermost:1.28.0
Mattermost » Mattermost » Version: 1.29.0

cpe:2.3:a:mattermost:mattermost:1.29.0
Mattermost » Mattermost » Version: 1.30.0

cpe:2.3:a:mattermost:mattermost:1.30.0
Mattermost » Mattermost » Version: 1.30.1

cpe:2.3:a:mattermost:mattermost:1.30.1
Mattermost » Mattermost » Version: 1.31.0

cpe:2.3:a:mattermost:mattermost:1.31.0
Mattermost » Mattermost » Version: 1.31.1

cpe:2.3:a:mattermost:mattermost:1.31.1
Mattermost » Mattermost » Version: 1.31.2

cpe:2.3:a:mattermost:mattermost:1.31.2
Mattermost » Mattermost » Version: 1.32.0

cpe:2.3:a:mattermost:mattermost:1.32.0
Mattermost » Mattermost » Version: 1.32.1

cpe:2.3:a:mattermost:mattermost:1.32.1
Mattermost » Mattermost » Version: 1.32.2

cpe:2.3:a:mattermost:mattermost:1.32.2
Mattermost » Mattermost » Version: 1.33.0

cpe:2.3:a:mattermost:mattermost:1.33.0
Mattermost » Mattermost » Version: 1.33.1

cpe:2.3:a:mattermost:mattermost:1.33.1
Mattermost » Mattermost » Version: 1.34.0

cpe:2.3:a:mattermost:mattermost:1.34.0
Mattermost » Mattermost » Version: 1.34.1

cpe:2.3:a:mattermost:mattermost:1.34.1
Mattermost » Mattermost » Version: 1.35.0

cpe:2.3:a:mattermost:mattermost:1.35.0
Mattermost » Mattermost » Version: 1.35.1

cpe:2.3:a:mattermost:mattermost:1.35.1
Mattermost » Mattermost » Version: 1.36.0

cpe:2.3:a:mattermost:mattermost:1.36.0
Mattermost » Mattermost » Version: 1.37.0

cpe:2.3:a:mattermost:mattermost:1.37.0
Mattermost » Mattermost » Version: 1.38.0

cpe:2.3:a:mattermost:mattermost:1.38.0
Mattermost » Mattermost » Version: 1.38.1

cpe:2.3:a:mattermost:mattermost:1.38.1
Mattermost » Mattermost » Version: 1.39.0

cpe:2.3:a:mattermost:mattermost:1.39.0
Mattermost » Mattermost » Version: 1.40.0

cpe:2.3:a:mattermost:mattermost:1.40.0
Mattermost » Mattermost » Version: 1.41.0

cpe:2.3:a:mattermost:mattermost:1.41.0
Mattermost » Mattermost » Version: 1.41.1

cpe:2.3:a:mattermost:mattermost:1.41.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-21388

Products

Pricing

Contact Us