CVE-2026-3472
Undergoing Analysis Undergoing Analysis - In Progress
Markdown Image Exfiltration in Mattermost AI Bot Tool

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Mattermost, Inc.

Description
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client.. Mattermost Advisory ID: MMSA-2026-00619
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-3472
EUVD
EUVD-2026-39775
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
mattermost mattermost to 10.11.18 (inc)
mattermost mattermost to 11.6.3 (inc)
mattermost mattermost to 11.5.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects certain versions of Mattermost (10.11.x up to 10.11.18, 11.6.x up to 11.6.3, and 11.5.x up to 11.5.6) where markdown image rendering restrictions are not properly applied to AI bot tool result posts.

Because of this, an authenticated attacker can inject markdown image syntax into the content generated by AI bot tools. When a victim's client renders this content, it can cause data to be exfiltrated to a server controlled by the attacker.

Impact Analysis

The vulnerability allows an authenticated attacker to exfiltrate data from a victim's client by injecting malicious markdown image syntax into AI bot tool result posts.

This could lead to unauthorized disclosure of sensitive information to an attacker-controlled server.

The CVSS score of 3.5 indicates a low severity impact, with limited confidentiality impact and no integrity or availability impact.

Mitigation Strategies

To mitigate this vulnerability, you should update Mattermost to a version later than 10.11.18 for the 10.11.x branch, later than 11.6.3 for the 11.6.x branch, or later than 11.5.6 for the 11.5.x branch, where the markdown image rendering restrictions issue has been fixed.

Additionally, stay informed about security updates by subscribing to Mattermost's Security Bulletin and regularly checking their security updates page.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3472. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart