SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP...

6.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635

Basic Information

ID CVE-2026-4339

Source Mattermost

Published Jun 26, 2026 at 14:44

Modified Jun 26, 2026 at 15:40

Affected Product

Vendor Mattermost

Product Mattermost

Version 10.11.0

Affected Versions Mattermost Mattermost 10.11.0
Mattermost Mattermost 11.6.0
Mattermost Mattermost 11.5.0

CWE Classification

CWE-918

References

mattermost.com /security-updates

{
    "lastseen": "",
    "description": "Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635",
    "published": "2026-06-26T14:44:58.655Z",
    "modified": "2026-06-26T15:40:33.300Z",
    "type": "cve",
    "title": "SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server",
    "source": "Mattermost",
    "references": "https://mattermost.com/security-updates",
    "id": "CVE-2026-4339",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Mattermost Mattermost 10.11.0\nMattermost Mattermost 11.6.0\nMattermost Mattermost 11.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mattermost",
    "version": "10.11.0",
    "vendor": "Mattermost",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339