CVE-2026-24661
medium
CVSS v3: —
CVSS v2: —
VIR risk: 5.5
Description
The Mattermost MS Teams plugin doesn't limit the request body size on the /changes webhook endpoint.
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. See the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/mattermost/mattermost-plugin-msteams | <1.15.1-0.20260213190728-6fe4d295592e | 1.15.1-0.20260213190728-6fe4d295592e |
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-24661
- https://github.com/mattermost/mattermost-plugin-msteams/commit/6fe4d295592ecc8767d67e69286cbeec01be3210
- https://github.com/mattermost/mattermost-plugin-msteams
- https://github.com/mattermost/mattermost-plugin-msteams/releases/tag/v2.3.2
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-5rfv-h47g-xj42