CVE-2026-6850
Received Received - Intake

Denial of Service in Mattermost via Malicious Markdown Payload

Vulnerability report for CVE-2026-6850, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Mattermost, Inc.

Description

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
mattermost mattermost to 11.7.2 (inc)
mattermost mattermost to 11.6.4 (inc)
mattermost mattermost to 10.11.19 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1333 The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects certain versions of Mattermost (11.7.x <= 11.7.2, 11.6.x <= 11.6.4, and 10.11.x <= 10.11.19) where the application fails to properly validate the length and content of message attachment field values.

An authenticated attacker can exploit this by sending a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.

This results in a denial of service (DoS) affecting all users in the channel.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition for all users in a channel.

An attacker who is authenticated can cause the client-side markdown parser to enter catastrophic backtracking, which can disrupt normal communication and availability within the affected Mattermost channels.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6850. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart