Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-20719
4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
DoS via URL Previews Rendering Malicious SVGs
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID: MMSA-2026-00595
References
-
MMSA-2026-00595 vendor-advisory
Affected products
Mattermost
- =<11.4.0
- ==11.5.0
- ==10.11.12
- ==11.2.4
- =<11.2.3
- ==11.4.1
- =<11.3.1
- =<10.11.11
- ==11.3.2
Matching in nixpkgs
pkgs.mattermost
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermostLatest
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermost-desktop
Mattermost Desktop client
pkgs.python312Packages.mattermostdriver
Python Mattermost Driver
pkgs.python313Packages.mattermostdriver
Python Mattermost Driver
pkgs.python314Packages.mattermostdriver
Python Mattermost Driver
Package maintainers
-
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
-
@fsagbuya Florian Agbuya <fa@m-labs.ph>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@ryantm Ryan Mulligan <ryan@ryantm.com>
-
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
-
@liff Olli Helenius <liff@iki.fi>
-
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
-
@globin Robin Gloster <mail@glob.in>