CVE-2026-2454

🗓️ 16 Mar 2026 20:10:16Reported by MattermostType

CVE-2026-2454 Denial of service in the Calls plugin via malformed msgpack in websocket requests.

Reporter	Title	Published	Views	Family All 9
CNNVD	Mattermost 安全漏洞	16 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-2454 DoS in Calls plugin via malformed msgpack in websocket request.	16 Mar 202620:10	–	cvelist
EUVD	EUVD-2026-12510	16 Mar 202621:34	–	euvd
NVD	CVE-2026-2454	16 Mar 202621:16	–	nvd
Positive Technologies	PT-2026-25809	16 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2454	16 Mar 202622:29	–	redhatcve
Snyk	Improper Validation of Specified Type of Input	16 Mar 202622:48	–	snyk
Snyk	Improper Validation of Specified Type of Input	16 Mar 202622:48	–	snyk
Vulnrichment	CVE-2026-2454 DoS in Calls plugin via malformed msgpack in websocket request.	16 Mar 202620:10	–	vulnrichment

NVD

Node

mattermost mattermost_serverRange10.11.0–10.11.11

mattermost mattermost_serverRange11.2.0–11.2.3

mattermost mattermost_serverRange11.3.0–11.3.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "11.3.0",
        "status": "affected",
        "version": "11.3.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.2.2",
        "status": "affected",
        "version": "11.2.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.11.10",
        "status": "affected",
        "version": "10.11.0",
        "versionType": "semver"
      },
      {
        "version": "11.4.0",
        "status": "unaffected"
      },
      {
        "version": "11.3.1",
        "status": "unaffected"
      },
      {
        "version": "11.2.3",
        "status": "unaffected"
      },
      {
        "version": "10.11.11",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

18 Mar 2026 13:56Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.8 - 8.6

EPSS0.00127

SSVC

CWE-1287