CVE-2026-4643
3.5 LOWMattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view ...
Published: 2026-05-18 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 3.5 LOW
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
- CWE
- CWE-754
Affected products
| Vendor | Product |
|---|---|
| mattermost | mattermost_desktop |
Description
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking {{window.close()}} in the renderer context, leading to a denial of service condition at the client level. Mattermost Advisory ID: MMSA-2026-00633
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-4643
- [Vendor advisory]https://mattermost.com/security-updates
Related CVEs
Same vendor
- CVE-2026-6957 — Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destin... (8.0 HIGH)
- CVE-2026-4915 — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing w... (6.5 MEDIUM)
- CVE-2026-4858 — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path trav... (8.0 HIGH)
- CVE-2026-4055 — Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook r... (4.3 MEDIUM)
- CVE-2026-6347 — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Matter... (7.6 HIGH)
Same CWE
- CVE-2026-0269 — A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user...
- CVE-2026-46541 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (7.5 HIGH)
- CVE-2026-45678 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (7.5 HIGH)
- CVE-2026-49325 — Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows... (4.6 MEDIUM)
- CVE-2026-49318 — Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows ... (2.4 LOW)