CVE-2026-8683
Received - Intake
Mattermost Desktop App URL Handling Denial of Service

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Mattermost, Inc.

Description
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempts to open extremely long URLs in the Mattermost Desktop App, which allows a malicious server owner to crash the application by including a script that calls window.open on a very large URL. Mattermost Advisory ID: MMSA-2026-00652
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mattermost desktop_app to 6.1 (inc)
mattermost desktop_app 5.5.13.0
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Executive Summary

This vulnerability affects Mattermost Desktop App versions up to 6.1 5.5.13.0. It occurs because the application does not properly handle attempts to open extremely long URLs. A malicious server owner can exploit this by including a script that calls window.open with a very large URL, which causes the application to crash.

Impact Analysis

The impact of this vulnerability is that an attacker can cause the Mattermost Desktop App to crash by sending or including a very long URL that triggers the flaw. This results in a denial of service (DoS) condition for the user, disrupting normal use of the application.

Mitigation Strategies

To mitigate this vulnerability, you should update the Mattermost Desktop App to a version later than 6.1 5.5.13.0 where this issue is fixed.

Avoid opening extremely long URLs in the Mattermost Desktop App, especially those from untrusted or malicious servers.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
