Vulnerability Report: GO-2026-4916

CVE-2026-26233, GHSA-247x-7qw8-fp98
Affects: github.com/mattermost/mattermost-server
Published: Apr 02, 2026

Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/mattermost/mattermost-server from v8.0.0-20260105080200-d27a2195068d before v8.0.0-20260217110922-b7d4a1f1f59b.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-247x-7qw8-fp98 or https://nvd.nist.gov/vuln/detail/CVE-2026-26233.

Affected Packages

Path

Versions

Symbols

Aliases

CVE-2026-26233
GHSA-247x-7qw8-fp98

References

https://github.com/advisories/GHSA-247x-7qw8-fp98
https://nvd.nist.gov/vuln/detail/CVE-2026-26233
https://mattermost.com/security-updates
https://vuln.go.dev/ID/GO-2026-4916.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL