Mattermost Desktop App versions <=6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermost Advisory ID: MMSA-2026-00668

Project Subscriptions

Vendors Products
Mattermost Subscribe
Mattermost Subscribe
Advisories

No advisories yet.

Fixes

Solution

Update Mattermost Desktop App to versions 6.3.0, 5.13.6.0, 6.2.1.0 or higher.


Workaround

No workaround given by the vendor.

References
History

Fri, 17 Jul 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost
Mattermost mattermost
Vendors & Products Mattermost
Mattermost mattermost

Fri, 17 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
Description Mattermost Desktop App versions <=6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermost Advisory ID: MMSA-2026-00668
Title Posting a malicious markdown image crashes the Mattermost Desktop App
Weaknesses CWE-754
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2026-07-17T12:53:59.567Z

Reserved: 2026-05-07T10:57:31.807Z

Link: CVE-2026-8075

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-17T11:30:05Z

Weaknesses