CVE-2026-4635
Published 2026-05-22
CVE-2026-4635: Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent…
Priority: P4 · 28 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.17% (6.9th percentile)
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications, which allows an authenticated user to crash the server by timing the creation of a persistent notification message between the server deleting existing persistent notifications and archiving the channel. Mattermost Advisory ID: MMSA-2026-00637
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 10.11.0 < 10.11.15 | 10.11.15 |
| github.com | mattermost_mattermost-server | >= 11.4.0 < 11.4.5 | 11.4.5 |
| github.com | mattermost_mattermost-server | >= 11.5.0 < 11.5.4 | 11.5.4 |
| github.com | mattermost_mattermost-server | >= 11.6.0 < 11.6.1 | 11.6.1 |
| mattermost | mattermost | 10.11.0 – 10.11.14 | — |
| mattermost | mattermost | 11.4.0 – 11.4.4 | — |
| mattermost | mattermost | 11.5.0 – 11.5.3 | — |
| mattermost | mattermost | 11.6.0 – 11.6.0 | — |
| mattermost | mattermost_server | >= 10.11.0 < 10.11.15 | 10.11.15 |
| mattermost | mattermost_server | >= 11.4.0 < 11.4.5 | 11.4.5 |
| mattermost | mattermost_server | >= 11.5.0 < 11.5.4 | 11.5.4 |
| mattermost | mattermost_server | >= 11.6.0 < 11.6.1 | 11.6.1 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| cvelistv5 | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
GHSA
GHSA-pg7c-462j-grxv: Mattermost versions 11
ghsa_unreviewed·2026-05-26
CVE-2026-4635 [MEDIUM] CWE-362 GHSA-pg7c-462j-grxv: Mattermost versions 11
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications, which allows an authenticated user to crash the server by timing the creation of a persistent notification message between the server deleting existing persistent notifications and archiving the channel. Mattermost Advisory ID: MMSA-2026-00637
GHSA
Mattermost doesn't archive the channel before removing persistent notifications
ghsa·2026-05-26
CVE-2026-4635 [MEDIUM] CWE-362 Mattermost doesn't archive the channel before removing persistent notifications
Mattermost doesn't archive the channel before removing persistent notifications
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications, which allows an authenticated user to crash the server by timing the creation of a persistent notification message between the server deleting existing persistent notifications and archiving the channel. Mattermost Advisory ID: MMSA-2026-00637.
CVEList
Persistent notification timing attack causing server denial of service
cvelistv5·2026-05-22·CVSS 6.5
CVE-2026-4635 [MEDIUM] CWE-362 Persistent notification timing attack causing server denial of service
Persistent notification timing attack causing server denial of service
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications, which allows an authenticated user to crash the server by timing the creation of a persistent notification message between the server deleting existing persistent notifications and archiving the channel. Mattermost Advisory ID: MMSA-2026-00637
VulDB
Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Notification Message race condition
vuldb·2026-05-22
CVE-2026-4635 [LOW] Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Notification Message race condition
A vulnerability was found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. It has been classified as problematic. This vulnerability affects unknown code of the component Notification Message Handler. Performing a manipulation results in a race condition.
This vulnerability is identified as CVE-2026-4635. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-22