CVE-2026-4643— Calling window.close() from server-side content causes crash in the Mattermost Desktop App
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1499.002 · Service Exhaustion FloodAffected Version Matrix 5
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mattermost | Mattermost | ≤ 6.0.1 | affected |
≤ 5.4.13 | affected | ||
6.2.0 | unaffected | ||
6.1.1.0 | unaffected | ||
5.13.5.0 | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4643
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Calling window.close() from server-side content causes crash in the Mattermost Desktop App
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking {{window.close()}} in the renderer context, leading to a denial of service condition at the client level. Mattermost Advisory ID: MMSA-2026-00633
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mattermost Desktop App 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mattermost Desktop App是美国Mattermost公司的一款消息传递桌面版应用程序。 Mattermost Desktop App 6.1版本、6.0.1版本和5.4.13.0版本存在代码问题漏洞,该漏洞源于未能阻止服务器渲染内容关闭底层应用视图,可能导致恶意服务器或插件通过调用window.close崩溃桌面客户端。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mattermost | Mattermost | 0 ~ 6.0.1 | - |
II. Public POCs for CVE-2026-4643
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4643
请登录查看更多情报信息。
Same Patch Batch · Mattermost · 2026-05-18 · 21 CVEs total
| CVE-2026-6346 | 8.7 HIGH | Sensitive credentials exposed in plaintext in Mattermost support packets |
| CVE-2026-6347 | 7.6 HIGH | Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets |
| CVE-2026-3471 | 6.5 MEDIUM | Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop |
| CVE-2026-6345 | 6.5 MEDIUM | Prevent password disclosure and force reset during Slack import |
| CVE-2026-5163 | 6.5 MEDIUM | Missing authorization check in AI message rewrite endpoint allows access to private thread |
| CVE-2026-3117 | 6.5 MEDIUM | Instance and webhook GitLab plugin commands were able to be run by non-admin users |
| CVE-2026-2325 | 4.3 MEDIUM | Improper Input Validation in MS Teams Meetings API Handler |
| CVE-2026-3637 | 4.3 MEDIUM | Mattermost fails to enforce create_post permission when editing posts |
| CVE-2026-6342 | 4.3 MEDIUM | Group prefix matching bypass for subscriptions |
| CVE-2026-6341 | 4.3 MEDIUM | Incomplete group locking implementation |
| CVE-2026-6340 | 4.3 MEDIUM | Memory Exhaustion via Malicious 7zip File Upload |
| CVE-2026-6339 | 4.3 MEDIUM | Missing request origin validation on burn-on-read reveal endpoint |
| CVE-2026-28759 | 4.3 MEDIUM | Insufficient authorization in shared channel membership sync allows remote cluster to remo |
| CVE-2026-6343 | 4.3 MEDIUM | Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing |
| CVE-2026-28732 | 4.3 MEDIUM | Slash command trigger-word update allowed command hijacking |
| CVE-2026-3495 | 3.8 LOW | Unescaped variables during error page composition |
| CVE-2026-4273 | 3.7 LOW | Insufficient token rotation validation in remote cluster invite confirmation |
| CVE-2026-6333 | 3.5 LOW | SSRF via Host Header Spoofing in Custom Slash Commands |
| CVE-2026-4286 | 3.1 LOW | Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member |
| CVE-2026-6334 | 3.1 LOW | OAuth authorization code client binding not enforced during token redemption in Mattermost |
IV. Related Vulnerabilities
Same product: Mattermost
- CVE-2026-22880
Mobile SSO authentication flow allows credential theft via m - CVE-2026-4858
Path traversal in integration action URL leading to arbitrar - CVE-2026-4055
Insufficient permission validation on cross-team playbook ru - CVE-2026-3471
Opening a window with {{javascript:alert()}} as URL causes c - CVE-2026-6333
SSRF via Host Header Spoofing in Custom Slash Commands
Same vendor: Mattermost
- CVE-2026-22880
Mobile SSO authentication flow allows credential theft via m - CVE-2026-4858
Path traversal in integration action URL leading to arbitrar - CVE-2026-4055
Insufficient permission validation on cross-team playbook ru - CVE-2026-3471
Opening a window with {{javascript:alert()}} as URL causes c - CVE-2026-6333
SSRF via Host Header Spoofing in Custom Slash Commands
Same weakness: CWE-754
- CVE-2026-40094
nimiq-blockchain: network-libp2p untrusted peer can crash ad - CVE-2026-8491
Node View Permissions - Moderately critical - Access bypass - CVE-2026-47315
SAMSUNG Escargot 代码问题漏洞 - CVE-2026-4054
SVG content served through Mattermost image proxy despite Co - CVE-2026-0241
Trust Protection Foundation: Multiple Authorization Bypass V
V. Comments for CVE-2026-4643
No comments yet