CVE-2026-4054— SVG content served through Mattermost image proxy despite Content-Type restrictions causes client-side denial of service
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1189 · Drive-by CompromiseAffected Version Matrix 7
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mattermost | Mattermost | 11.5.0≤ 11.5.1 | affected |
10.11.0≤ 10.11.13 | affected | ||
11.4.0≤ 11.4.3 | affected | ||
11.6.0 | unaffected | ||
11.5.2 | unaffected | ||
10.11.14 | unaffected | ||
11.4.4 | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4054
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SVG content served through Mattermost image proxy despite Content-Type restrictions causes client-side denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header (e.g. image/png) embedded in an og:image meta tag or Markdown image link.. Mattermost Advisory ID: MMSA-2026-00630
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mattermost | Mattermost | 11.5.0 ~ 11.5.1 | - |
II. Public POCs for CVE-2026-4054
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4054
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Mattermost
- CVE-2026-4053
post edit time limit is not enforced on some post update ope - CVE-2026-3590
Race Condition in Guest Magic Link Authentication Allows Tok - CVE-2026-28741
CSRF Protection Bypass Allows Updating a User's Authenticati - CVE-2026-27769
Connected Workspaces: Malicious remote server can manipulate - CVE-2026-24661
Unbounded Request Body Read in MS Teams Plugin {{/changes}}
Same vendor: Mattermost
- CVE-2026-4053
post edit time limit is not enforced on some post update ope - CVE-2026-3590
Race Condition in Guest Magic Link Authentication Allows Tok - CVE-2026-28741
CSRF Protection Bypass Allows Updating a User's Authenticati - CVE-2026-27769
Connected Workspaces: Malicious remote server can manipulate - CVE-2026-24661
Unbounded Request Body Read in MS Teams Plugin {{/changes}}
Same weakness: CWE-754
- CVE-2026-0241
Trust Protection Foundation: Multiple Authorization Bypass V - CVE-2026-0235
Prisma Browser: Access and Data Rule Bypass - CVE-2026-0262
PAN-OS: Denial of Service Vulnerabilities in Network Traffic - CVE-2026-42950
ELECOM WAB 代码问题漏洞 - CVE-2026-42349
Clerk: Authorization bypass when combining organization, bil
V. Comments for CVE-2026-4054
No comments yet