Bug 2451785 (CVE-2026-3108)
| Summary: | CVE-2026-3108 Mattermost: mmctl: Mattermost mmctl: Administrator terminal manipulation via crafted messages | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in Mattermost. A vulnerability in the `mmctl` command-line interface allows attackers to manipulate administrator terminals. By sending specially crafted messages containing ANSI and Operating System Command (OSC) escape sequences, an attacker can manipulate the screen, display fake prompts, and hijack the administrator's clipboard, potentially exposing sensitive information or tricking administrators into executing malicious commands. | ||
| Story Points: | --- | ||
Description
OSIDB Bzimport
2026-03-26 17:02:29 UTC
|
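The flaw described in the Doc Text comes down to untrusted message text reaching the administrator's terminal with its control characters intact. The following is an added example, not Mattermost's code or its fix: a Go filter (the names `SanitizeForTerminal` and `isTerminalControl` are hypothetical) that a CLI could apply to untrusted text before printing, turning ESC, BEL and the 8-bit C1 controls into visible `\xNN` text so that CSI and OSC sequences are displayed rather than interpreted.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// isTerminalControl reports whether r can start or terminate a terminal
// control sequence: C0 controls (ESC, BEL, CR, BS, ...), DEL, and the 8-bit
// C1 range (U+009B CSI, U+009D OSC). Newline and tab are kept as layout.
func isTerminalControl(r rune) bool {
	if r == '\n' || r == '\t' {
		return false
	}
	return r < 0x20 || r == 0x7f || (r >= 0x80 && r <= 0x9f)
}

// SanitizeForTerminal returns s with every control character replaced by a
// visible \xNN escape, so the terminal prints the sequence instead of acting on it.
func SanitizeForTerminal(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); {
		r, size := utf8.DecodeRuneInString(s[i:])
		switch {
		case r == utf8.RuneError && size == 1:
			fmt.Fprintf(&b, `\x%02x`, s[i]) // invalid UTF-8 byte, e.g. raw 0x9b
		case isTerminalControl(r):
			fmt.Fprintf(&b, `\x%02x`, r)
		default:
			b.WriteString(s[i : i+size])
		}
		i += size
	}
	return b.String()
}

func main() {
	// Constructed samples: an OSC sequence that sets the window title, and a
	// CSI clear-screen followed by text posing as a prompt.
	samples := []string{
		"hello\x1b]0;new title\x07 world",
		"status ok\x1b[2JPassword: ",
	}
	for _, m := range samples {
		fmt.Println(SanitizeForTerminal(m))
	}
}
```

Escaping rather than deleting the control characters keeps the injected sequence visible to the administrator, which also makes it easy to spot in output and logs.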