CVE-2026-4339
Undergoing Analysis Undergoing Analysis - In Progress
Server-Side Request Forgery in Mattermost MCP Server

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Mattermost, Inc.

Description
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-4339
EUVD
EUVD-2026-39779
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
mattermost mattermost to 10.11.18 (inc)
mattermost mattermost to 11.6.3 (inc)
mattermost mattermost to 11.5.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in certain versions of Mattermost where the Agents plugin MCP server does not properly validate attachment URLs against internal or private IP ranges.

An attacker with access to the MCP server in stdio mode can exploit this by supplying internal URLs as file attachments in post creation requests.

This allows the attacker to perform server-side request forgery (SSRF), potentially exfiltrating data from internal network services.

Impact Analysis

The vulnerability can allow an attacker with limited access to the MCP server to perform SSRF attacks.

This can lead to unauthorized access to internal network services and exfiltration of sensitive data.

The CVSS score of 6.5 indicates a medium severity impact, with high confidentiality impact but no impact on integrity or availability.

Detection Guidance

This vulnerability involves the Mattermost Agents plugin MCP server failing to validate attachment URLs against internal or private IP ranges, allowing SSRF attacks via file attachments in post creation requests.

To detect exploitation attempts on your network or system, monitor for unusual outbound requests originating from the MCP server to internal IP addresses or private network ranges.

Specific commands or detection tools are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include updating Mattermost to a version later than 10.11.18, 11.6.3, or 11.5.6, where this vulnerability has been addressed.

Additionally, restrict access to the MCP server in stdio mode to trusted users only, and monitor or block outgoing requests to internal IP ranges from the MCP server.

For official updates and patches, refer to Mattermost's security updates page.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4339. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart