Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-21388

3.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 5 days, 11 hours ago

Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610

References

MMSA-2026-00610 vendor-advisory

Affected products

Mattermost

==2.3.2.0
=<2.3.1

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.13
- nixpkgs-unstable 10.11.13
- nixos-unstable-small 10.11.13
nixos-25.11 10.11.13
- nixos-25.11-small 10.11.13
- nixpkgs-25.11-darwin 10.11.13

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.1.0
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.1.0
- nixos-25.11-small 6.1.0
- nixpkgs-25.11-darwin 6.1.0

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>