PatchSiren cyber security CVE debrief
CVE-2026-3109 Mattermost CVE debrief
CVE-2026-3109 is a low-severity vulnerability in Mattermost Plugins versions <=11.4 10.11.11.0. Because the affected plugin does not validate webhook request timestamps, an attacker can replay previously captured webhook requests and corrupt Zoom meeting state in Mattermost. The Common Vulnerability Scoring System (CVSS) score is 2.2, indicating low severity.
- Vendor: Mattermost
- Product: Mattermost Server
- CVSS: LOW 2.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-26
- Original CVE updated: 2026-06-08
- Advisory published: 2026-03-26
- Advisory updated: 2026-06-08
Who should care
Operators of Mattermost Server running Plugins versions <=11.4 10.11.11.0 should apply the patch or mitigations to prevent replay attacks against Zoom meeting state.
Technical summary
The vulnerability exists in Mattermost Plugins versions <=11.4 10.11.11.0, where incoming webhook request timestamps are not validated. Because a webhook request remains acceptable regardless of its age, an attacker who has captured one can resend it and corrupt Zoom meeting state. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L: reachable over the network, high attack complexity, high privileges required, no user interaction, unchanged scope, and a low availability impact with no confidentiality or integrity impact scored.
Defensive priority
Low
Recommended defensive actions
- Update Mattermost Server so that Plugin versions are 11.4 10.11.12 or later.
- Review and implement additional measures to detect and reject replayed webhook requests.
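The defensive check the advisory calls for, as an added example in Go (the language of Mattermost plugins) that is not code from Mattermost or the Zoom plugin: it rejects webhook requests whose timestamp is outside a freshness window, verifies an HMAC that covers that timestamp, and remembers signatures accepted inside the window so an exact replay is also refused. The signing convention (HMAC-SHA256 over "v0:<timestamp>:<body>", header value "v0=<hex>") and the WebhookVerifier type are assumptions for illustration, not taken from the page.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strconv"
	"sync"
	"time"
)
var ErrStale = errors.New("webhook timestamp outside freshness window")
var ErrBadSig = errors.New("webhook signature mismatch")
var ErrReplay = errors.New("webhook already processed (replay)")
// WebhookVerifier is a hypothetical receiver-side check (assumed scheme): HMAC-SHA256 over "v0:<ts>:<body>", a freshness window, and a short-lived cache of accepted signatures.
type WebhookVerifier struct {
	secret  []byte
	maxSkew time.Duration // how old (or how far in the future) a timestamp may be
	mu      sync.Mutex
	seen    map[string]time.Time // accepted signature -> time it was first seen
}
func NewWebhookVerifier(secret string, maxSkew time.Duration) *WebhookVerifier {
	return &WebhookVerifier{secret: []byte(secret), maxSkew: maxSkew, seen: map[string]time.Time{}}
}
// Sign returns the signature header expected for a timestamp and raw body.
func (v *WebhookVerifier) Sign(ts int64, body []byte) string {
	mac := hmac.New(sha256.New, v.secret)
	mac.Write(append([]byte("v0:"+strconv.FormatInt(ts, 10)+":"), body...))
	return "v0=" + hex.EncodeToString(mac.Sum(nil))
}
// Verify checks freshness, then authenticity, then uniqueness, so no state is recorded before the request is proven genuine.
func (v *WebhookVerifier) Verify(now time.Time, tsHeader, sigHeader string, body []byte) error {
	ts, err := strconv.ParseInt(tsHeader, 10, 64)
	if age := now.Sub(time.Unix(ts, 0)); err != nil || age > v.maxSkew || age < -v.maxSkew {
		return ErrStale // a replayed request carries its original, now-expired timestamp
	}
	if !hmac.Equal([]byte(sigHeader), []byte(v.Sign(ts, body))) {
		return ErrBadSig // constant-time compare; the timestamp is covered by the MAC
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	for sig, seenAt := range v.seen {
		if now.Sub(seenAt) > v.maxSkew {
			delete(v.seen, sig) // the freshness check would reject it anyway
		} else if sig == sigHeader {
			return ErrReplay // replayed inside the window: same signature already accepted
		}
	}
	v.seen[sigHeader] = now
	return nil
}
```

Without the timestamp check, the first two guards never fire for a captured request, which is the failure mode the advisory describes; the seen-signature cache closes the remaining gap inside the window.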
Evidence notes
The vulnerability was reported via responsible disclosure to Mattermost and is tracked under Mattermost Advisory ID: MMSA-2026-00584.
Official resources
- CVE-2026-3109 CVE record (CVE.org)
- CVE-2026-3109 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Vendor Advisory)
CVE-2026-3109 was published on [2026-03-26T17:16:41.967Z](https://www.cve.org/CVERecord?id=CVE-2026-3109) and last modified on [2026-06-08T12:24:28.070Z](https://nvd.nist.gov/vuln/detail/CVE-2026-3109).