CVE-2026-20719 — Improper Check for Unusual or Exceptional Conditions in Mattermost Mattermost Server V8

CWE-754 — Improper Check for Unusual or Exceptional Conditions5 documents5 sources

Severity

7.5HIGHNVD

CNA4.3

EPSS

0.1%

top 83.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost Server V8 Mattermost Server Mattermost

Timeline

PublishedMar 25

Description

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID: MMSA-2026-00595

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Gogithub.com/mattermost_mattermost_server_v811.4.0-rc1 — 11.4.1+4

▶NVDmattermost/mattermost_server10.11.0 — 10.11.12+3

▶CVEListV5mattermost/mattermost11.4.0 — 11.4.0+3

🔴Vulnerability Details

CVEList

DoS via URL Previews Rendering Malicious SVGs↗2026-03-25

▶

OSV

Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds↗2026-03-25

▶

GHSA

Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-20719 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶