Mattermost Desktop App versions <=6.2 6.0.2 5.6.13.0 fail to validate payloads sent from the Mattermost Web App to the Desktop App which allows a malicious server owner to crash the Mattermost Desktop App via changing the payload of a method to a malformed one. Mattermost Advisory ID: MMSA-2026-00678
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://mattermost.com/security-updates |
|
History
Fri, 17 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mattermost
Mattermost mattermost |
|
| Vendors & Products |
Mattermost
Mattermost mattermost |
Fri, 17 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Mattermost Desktop App versions <=6.2 6.0.2 5.6.13.0 fail to validate payloads sent from the Mattermost Web App to the Desktop App which allows a malicious server owner to crash the Mattermost Desktop App via changing the payload of a method to a malformed one. Mattermost Advisory ID: MMSA-2026-00678 | |
| Title | Mattermost Desktop App crashes when malformed arguments are provided to some exposed IPC methods | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2026-07-17T12:54:25.366Z
Reserved: 2026-05-26T15:42:07.316Z
Link: CVE-2026-9602
Updated: 2026-07-17T12:54:22.176Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T12:15:15Z