CVE-2026-4643
Mattermost Desktop App Client-Side Denial of Service via window.close()
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: Mattermost, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | desktop_app | to 6.1 (inc) |
| mattermost | desktop_app | 6.0.1 |
| mattermost | desktop_app | 5.4.13.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Mattermost Desktop App versions up to 6.1, 6.0.1, and 5.4.13.0. The app fails to prevent server-rendered content from closing an underlying application view. Specifically, a malicious server or plugin can invoke the JavaScript function {{window.close()}} within the renderer context, which causes the desktop client to crash.
This leads to a denial of service (DoS) condition at the client level, meaning the application becomes unusable or stops functioning properly due to the forced closure.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service condition on the Mattermost Desktop client. A malicious server or plugin can crash the desktop application by forcing it to close unexpectedly.
This can disrupt communication and collaboration if you rely on the Mattermost Desktop App, causing inconvenience and potential loss of productivity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Mattermost Desktop App to a version later than 6.1, 6.0.1, or 5.4.13.0, as these versions are affected by the issue.
Additionally, stay informed about security updates by subscribing to Mattermost's Security Bulletin and regularly checking their security updates page.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability described allows a malicious server or plugin to crash the Mattermost Desktop App client, leading to a denial of service condition at the client level.
There is no information provided in the available context or resources about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.