CVE-2026-3108
Received Received - Intake
ANSI Escape Injection in Mattermost mmctl Allows Terminal Manipulation

Publication date: 2026-03-26

Last updated on: 2026-03-30

Assigner: Mattermost, Inc.

Description
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-30
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3108
EUVD
EUVD-2026-16234
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
mattermost mattermost_server From 10.11.0 (inc) to 10.11.11 (exc)
mattermost mattermost_server From 11.2.0 (inc) to 11.2.3 (exc)
mattermost mattermost_server From 11.3.0 (inc) to 11.3.2 (exc)
mattermost mattermost_server 11.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-150 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in certain versions of Mattermost where the software fails to properly sanitize user-controlled post content in the mmctl commands terminal output.

Attackers can exploit this by crafting messages that contain ANSI and OSC escape sequences, which are special codes used to control terminal behavior.

These crafted messages can manipulate administrator terminals by enabling screen manipulation, creating fake prompts, and hijacking the clipboard.

Impact Analysis

The vulnerability can lead to serious impacts including unauthorized manipulation of administrator terminal displays.

Attackers can create fake prompts that may trick administrators into entering sensitive information.

Clipboard hijacking can result in sensitive data being stolen or replaced without the administrator's knowledge.

Overall, this can lead to compromise of confidentiality, integrity, and availability of the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3108. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart