CVE-2026-3472
Analyzed Analyzed - Analysis Complete

Markdown Image Exfiltration in Mattermost AI Bot Tool

Vulnerability report for CVE-2026-3472, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-29

Assigner: Mattermost, Inc.

Description

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client.. Mattermost Advisory ID: MMSA-2026-00619

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-29
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
mattermost mattermost_server From 10.11.0 (inc) to 10.11.19 (exc)
mattermost mattermost_server From 11.5.0 (inc) to 11.5.7 (exc)
mattermost mattermost_server From 11.6.0 (inc) to 11.6.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects certain versions of Mattermost (10.11.x up to 10.11.18, 11.6.x up to 11.6.3, and 11.5.x up to 11.5.6) where markdown image rendering restrictions are not properly applied to AI bot tool result posts.

Because of this, an authenticated attacker can inject markdown image syntax into the content generated by AI bot tools. When a victim's client renders this content, it can cause data to be exfiltrated to a server controlled by the attacker.

Impact Analysis

The vulnerability allows an authenticated attacker to exfiltrate data from a victim's client by injecting malicious markdown image syntax into AI bot tool result posts.

This could lead to unauthorized disclosure of sensitive information to an attacker-controlled server.

The CVSS score of 3.5 indicates a low severity impact, with limited confidentiality impact and no integrity or availability impact.

Compliance Impact

The vulnerability allows an authenticated attacker to exfiltrate data to an attacker-controlled server by injecting markdown image syntax into AI bot tool result posts rendered by a victim's client.

Such unauthorized data exfiltration could potentially lead to violations of data protection regulations like GDPR or HIPAA, which require safeguarding personal and sensitive information against unauthorized access or disclosure.

However, the provided information does not explicitly state the impact on compliance with these standards.

Mitigation Strategies

To mitigate this vulnerability, you should update Mattermost to a version later than 10.11.18 for the 10.11.x branch, later than 11.6.3 for the 11.6.x branch, or later than 11.5.6 for the 11.5.x branch, where the markdown image rendering restrictions issue has been fixed.

Additionally, stay informed about security updates by subscribing to Mattermost's Security Bulletin and regularly checking their security updates page.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3472. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart