{"api_version":"1","generated_at":"2026-04-23T04:10:43+00:00","cve":"CVE-2026-3108","urls":{"html":"https://cve.report/CVE-2026-3108","api":"https://cve.report/api/cve/CVE-2026-3108.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-3108","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-3108"},"summary":{"title":"Terminal Escape Injection in mmctl Report Posts Command","description":"Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599","state":"PUBLISHED","assigner":"Mattermost","published_at":"2026-03-26 17:16:41","updated_at":"2026-03-30 19:45:27"},"problem_types":["CWE-150","CWE-150 CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"responsibledisclosure@mattermost.com","type":"Secondary","score":"8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://mattermost.com/security-updates","name":"https://mattermost.com/security-updates","refsource":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-3108","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3108","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"affected 11.2.0 11.2.2 semver","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"affected 10.11.0 10.11.10 semver","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"affected 11.4.0 11.4.0 semver","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"affected 11.3.0 11.3.1 semver","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"unaffected 11.5.0","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"unaffected 11.2.3","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"unaffected 10.11.11","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"unaffected 11.4.1","platforms":[]},{"source":"CNA","vendor":"Mattermost","product":"Mattermost","version":"unaffected 11.3.2","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher.","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"winfunc","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"3108","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mattermost","cpe5":"mattermost_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-3108","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-03-26T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-27T03:55:41.498Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mattermost","vendor":"Mattermost","versions":[{"lessThanOrEqual":"11.2.2","status":"affected","version":"11.2.0","versionType":"semver"},{"lessThanOrEqual":"10.11.10","status":"affected","version":"10.11.0","versionType":"semver"},{"lessThanOrEqual":"11.4.0","status":"affected","version":"11.4.0","versionType":"semver"},{"lessThanOrEqual":"11.3.1","status":"affected","version":"11.3.0","versionType":"semver"},{"status":"unaffected","version":"11.5.0"},{"status":"unaffected","version":"11.2.3"},{"status":"unaffected","version":"10.11.11"},{"status":"unaffected","version":"11.4.1"},{"status":"unaffected","version":"11.3.2"}]}],"credits":[{"lang":"en","type":"finder","value":"winfunc"}],"descriptions":[{"lang":"en","value":"Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-150","description":"CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-26T16:16:49.790Z","orgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","shortName":"Mattermost"},"references":[{"name":"MMSA-2026-00599","tags":["vendor-advisory"],"url":"https://mattermost.com/security-updates"}],"solutions":[{"lang":"en","value":"Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher."}],"source":{"advisory":"MMSA-2026-00599","defect":["https://mattermost.atlassian.net/browse/MM-67364"],"discovery":"EXTERNAL"},"title":"Terminal Escape Injection in mmctl Report Posts Command","x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","assignerShortName":"Mattermost","cveId":"CVE-2026-3108","datePublished":"2026-03-26T16:16:49.790Z","dateReserved":"2026-02-24T10:50:40.507Z","dateUpdated":"2026-03-27T03:55:41.498Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-26 17:16:41","lastModifiedDate":"2026-03-30 19:45:27","problem_types":["CWE-150","CWE-150 CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.11","matchCriteriaId":"B6E5F368-358C-429B-8F04-3C8DF4A71A91"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.3","matchCriteriaId":"7F64C167-943D-4F3F-9374-BCC8DECB3881"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"11.3.2","matchCriteriaId":"805ECFFC-82FD-4754-AF95-32167E1D41CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"7B6A1FE2-D980-4755-A838-190A53A4D62B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"3108","Ordinal":"1","Title":"Terminal Escape Injection in mmctl Report Posts Command","CVE":"CVE-2026-3108","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"3108","Ordinal":"1","NoteData":"Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences that enable screen manipulation, fake prompts, and clipboard hijacking.. Mattermost Advisory ID: MMSA-2026-00599","Type":"Description","Title":"Terminal Escape Injection in mmctl Report Posts Command"}]}}}