CVE-2026-3109
Analyzed Analyzed - Analysis Complete

Timestamp Validation Bypass in Mattermost Plugins Enables Zoom State Corruption

Vulnerability report for CVE-2026-3109, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-26

Last updated on: 2026-06-08

Assigner: Mattermost, Inc.

Description

Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-26
Last Modified
2026-06-08
Generated
2026-07-06
AI Q&A
2026-03-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mattermost mattermost_server From 10.11.0 (inc) to 10.11.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Mattermost Plugins versions up to 11.4 10.11.11.0, where the plugins fail to validate webhook request timestamps. This flaw allows an attacker to replay webhook requests, which can corrupt the Zoom meeting state within Mattermost.

Impact Analysis

The impact of this vulnerability is limited to the potential corruption of Zoom meeting state in Mattermost. Because the vulnerability allows replayed webhook requests, it could disrupt meeting information or cause inconsistencies in meeting management. The CVSS score indicates a low severity with no impact on confidentiality or integrity, but a low impact on availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3109. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart