CVE-2026-4643
Analyzed - Analysis Complete

Mattermost Desktop App Client-Side Denial of Service via window.close()

Publication date: 2026-05-18

Last updated on: 2026-06-05

Assigner: Mattermost, Inc.

Description

Mattermost Desktop App versions <=6.1, 6.0.1, 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close() in the renderer context, leading to a denial of service condition at the client level. Mattermost Advisory ID: MMSA-2026-00633

Meta Information

Published: 2026-05-18
Last Modified: 2026-06-05
Generated: 2026-06-30
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 3 associated CPEs
Vendor | Product | Version / Range
mattermost | mattermost_desktop | to 5.4.13.0 (inc)
mattermost | mattermost_desktop | From 6.1.0 (inc) to 6.2.0 (exc)
mattermost | mattermost_desktop | From 6.0.0 (inc) to 6.0.1 (inc)

Exploitability

CWE ID | Description
CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Compliance Impact

The vulnerability described allows a malicious server or plugin to crash the Mattermost Desktop App client, leading to a denial of service condition at the client level.

There is no information provided in the available context or resources about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability affects Mattermost Desktop App versions up to 6.1, 6.0.1, and 5.4.13.0. The app fails to prevent server-rendered content from closing an underlying application view. Specifically, a malicious server or plugin can invoke the JavaScript function window.close() within the renderer context, which causes the desktop client to crash.

This leads to a denial of service (DoS) condition at the client level, meaning the application becomes unusable or stops functioning properly due to the forced closure.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition on the Mattermost Desktop client. A malicious server or plugin can crash the desktop application by forcing it to close unexpectedly.

This can disrupt communication and collaboration if you rely on the Mattermost Desktop App, causing inconvenience and potential loss of productivity.

Mitigation Strategies

To mitigate this vulnerability, you should update the Mattermost Desktop App to a version later than 6.1, 6.0.1, or 5.4.13.0, as these versions are affected by the issue.

Additionally, stay informed about security updates by subscribing to Mattermost's Security Bulletin and regularly checking their security updates page.
