CVE-2026-8075
Awaiting Analysis Awaiting Analysis - Queue

Mattermost Desktop App Link Header Null Check Failure

Vulnerability report for CVE-2026-8075, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: Mattermost, Inc.

Description

Mattermost Desktop App versions <=6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermost Advisory ID: MMSA-2026-00668

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
mattermost desktop_app to 6.2 (inc)
mattermost desktop_app 5.5.13
mattermost desktop_app 6.0.2.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Mattermost Desktop App versions <=6.2, 5.5.13, and 6.0.2.0 fail to properly null check headers when processing embedded images in links. This allows a user to crash another user's desktop app by posting a malicious link with an image missing required headers.

Detection Guidance

This vulnerability can be detected by checking the installed version of Mattermost Desktop App. If the version is <=6.2, <=5.5.13, or <=6.0.2.0, the system is vulnerable. Use commands like 'mattermost-desktop --version' or check installed packages via package managers (e.g., 'apt list --installed | grep mattermost' or 'brew list mattermost-desktop').

Monitor for crashes in the Mattermost Desktop App after users interact with links containing embedded images. Check application logs for errors related to missing headers in images.

Impact Analysis

This vulnerability can cause denial-of-service by crashing the desktop app of any user who views the malicious link. It does not allow data theft or code execution but disrupts normal app functionality.

Compliance Impact

This vulnerability does not directly affect compliance with GDPR or HIPAA as it involves a denial-of-service condition in the Mattermost Desktop App. However, if the application is used to process or store sensitive data under these regulations, a crash could disrupt access to such data, potentially impacting availability requirements.

Mitigation Strategies

Update Mattermost Desktop App to versions 6.2.5.5.13, 6.0.2.0 or later to address the vulnerability. Monitor Mattermost's security updates page for patches and apply them promptly.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8075. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart