[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-2455":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":31,"related":32,"reserved_at":9,"published_at":34,"modified_at":35,"state":36,"summary":37,"references_raw":46,"kevs":73,"epss":74,"epss_history":77,"metrics":320,"affected":330},"CVE-2026-2455","Mattermost versions 11.3.x \u003C= 11.3.0, 11.2.x \u003C= 11.2.2, 10.11.x \u003C= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]).. Mattermost Advisory ID: MMSA-2026-00585",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-918","Server-Side Request Forgery (SSRF)","The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-664","Server Side Request Forgery",[],[],[25,26],"GHSA-gqv7-j2j8-qmwq","GO-2026-4746",[],[29],{"_key":30},"SUSE-SU-2026:1135-1",[],[33],{"_key":30},"2026-03-16T14:53:31.280Z","2026-03-16T18:38:07.619Z","Analyzed",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":39,"epss_score":40,"severity":41,"severity_score":42,"severity_version":43,"severity_source":44,"severity_vector":45,"severity_status":36},false,"low",0.0004,"medium",4.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",[47,55,60,64,69],{"url":48,"sources":49,"tags":52},"https://mattermost.com/security-updates",[44,50,51],"nvd","osv_go",[53,54],"Vendor Advisory","WEB",{"url":56,"sources":57,"tags":58},"https://nvd.nist.gov/vuln/detail/CVE-2026-2455",[51],[59],"Advisory",{"url":61,"sources":62,"tags":63},"https://github.com/mattermost/mattermost/commit/5d787969c2d5ab591a9dcd61b0810475eed7a646",[51],[54],{"url":65,"sources":66,"tags":67},"https://github.com/mattermost/mattermost",[51],[68],"PACKAGE",{"url":70,"sources":71,"tags":72},"https://github.com/advisories/GHSA-gqv7-j2j8-qmwq",[51],[59],[],{"date":75,"score":40,"percentile":76},"2026-06-05",0.12317,[78,82,85,89,92,95,99,102,105,108,111,114,117,120,123,126,129,132,135,138,141,144,146,149,152,155,158,160,163,166,168,171,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319],{"date":79,"score":80,"percentile":81},"2026-03-17",0.00025,0.06505,{"date":83,"score":80,"percentile":84},"2026-03-18",0.06489,{"date":86,"score":87,"percentile":88},"2026-03-19",0.00027,0.06974,{"date":90,"score":87,"percentile":91},"2026-03-20",0.06993,{"date":93,"score":87,"percentile":94},"2026-03-21",0.07219,{"date":96,"score":97,"percentile":98},"2026-03-22",0.0003,0.08407,{"date":100,"score":97,"percentile":101},"2026-03-23",0.08366,{"date":103,"score":97,"percentile":104},"2026-03-24",0.08345,{"date":106,"score":97,"percentile":107},"2026-03-25",0.08428,{"date":109,"score":97,"percentile":110},"2026-03-26",0.08501,{"date":112,"score":97,"percentile":113},"2026-03-27",0.08493,{"date":115,"score":97,"percentile":116},"2026-03-28",0.08507,{"date":118,"score":97,"percentile":119},"2026-03-29",0.08479,{"date":121,"score":97,"percentile":122},"2026-03-30",0.08456,{"date":124,"score":97,"percentile":125},"2026-03-31",0.08424,{"date":127,"score":97,"percentile":128},"2026-04-01",0.08408,{"date":130,"score":97,"percentile":131},"2026-04-02",0.08451,{"date":133,"score":97,"percentile":134},"2026-04-03",0.08477,{"date":136,"score":97,"percentile":137},"2026-04-04",0.08505,{"date":139,"score":97,"percentile":140},"2026-04-05",0.08491,{"date":142,"score":97,"percentile":143},"2026-04-06",0.08414,{"date":145,"score":97,"percentile":125},"2026-04-07",{"date":147,"score":97,"percentile":148},"2026-04-08",0.08496,{"date":150,"score":97,"percentile":151},"2026-04-09",0.08515,{"date":153,"score":97,"percentile":154},"2026-04-10",0.08512,{"date":156,"score":97,"percentile":157},"2026-04-11",0.08508,{"date":159,"score":97,"percentile":140},"2026-04-12",{"date":161,"score":97,"percentile":162},"2026-04-13",0.08475,{"date":164,"score":97,"percentile":165},"2026-04-14",0.08346,{"date":167,"score":97,"percentile":101},"2026-04-15",{"date":169,"score":97,"percentile":170},"2026-04-16",0.08369,{"date":172,"score":173,"percentile":174},"2026-04-17",0.00034,0.09963,{"date":176,"score":173,"percentile":177},"2026-04-18",0.09939,{"date":179,"score":173,"percentile":180},"2026-04-19",0.09901,{"date":182,"score":173,"percentile":183},"2026-04-20",0.09892,{"date":185,"score":173,"percentile":186},"2026-04-21",0.10071,{"date":188,"score":173,"percentile":189},"2026-04-22",0.101,{"date":191,"score":173,"percentile":192},"2026-04-23",0.10126,{"date":194,"score":173,"percentile":195},"2026-04-24",0.10048,{"date":197,"score":173,"percentile":198},"2026-04-25",0.10059,{"date":200,"score":173,"percentile":201},"2026-04-26",0.10027,{"date":203,"score":173,"percentile":204},"2026-04-27",0.10003,{"date":206,"score":173,"percentile":207},"2026-04-28",0.09968,{"date":209,"score":173,"percentile":210},"2026-04-29",0.09972,{"date":212,"score":173,"percentile":213},"2026-04-30",0.09964,{"date":215,"score":173,"percentile":216},"2026-05-01",0.09943,{"date":218,"score":173,"percentile":219},"2026-05-02",0.09978,{"date":221,"score":173,"percentile":222},"2026-05-03",0.0996,{"date":224,"score":173,"percentile":225},"2026-05-04",0.09922,{"date":227,"score":173,"percentile":228},"2026-05-05",0.09908,{"date":230,"score":173,"percentile":231},"2026-05-06",0.09909,{"date":233,"score":173,"percentile":234},"2026-05-07",0.10061,{"date":236,"score":173,"percentile":237},"2026-05-08",0.10088,{"date":239,"score":173,"percentile":240},"2026-05-09",0.1013,{"date":242,"score":173,"percentile":243},"2026-05-10",0.10122,{"date":245,"score":173,"percentile":246},"2026-05-11",0.10103,{"date":248,"score":173,"percentile":249},"2026-05-12",0.10143,{"date":251,"score":173,"percentile":252},"2026-05-13",0.10158,{"date":254,"score":173,"percentile":255},"2026-05-14",0.10201,{"date":257,"score":173,"percentile":258},"2026-05-15",0.10193,{"date":260,"score":173,"percentile":261},"2026-05-16",0.10214,{"date":263,"score":173,"percentile":264},"2026-05-17",0.10187,{"date":266,"score":173,"percentile":267},"2026-05-18",0.10155,{"date":269,"score":173,"percentile":270},"2026-05-19",0.10111,{"date":272,"score":173,"percentile":273},"2026-05-20",0.10104,{"date":275,"score":173,"percentile":276},"2026-05-21",0.10079,{"date":278,"score":173,"percentile":279},"2026-05-22",0.10319,{"date":281,"score":40,"percentile":282},"2026-05-23",0.12105,{"date":284,"score":40,"percentile":285},"2026-05-24",0.12092,{"date":287,"score":40,"percentile":288},"2026-05-25",0.12074,{"date":290,"score":40,"percentile":291},"2026-05-26",0.12063,{"date":293,"score":40,"percentile":294},"2026-05-27",0.12153,{"date":296,"score":40,"percentile":297},"2026-05-28",0.12282,{"date":299,"score":40,"percentile":300},"2026-05-29",0.12334,{"date":302,"score":40,"percentile":303},"2026-05-30",0.1231,{"date":305,"score":40,"percentile":306},"2026-05-31",0.12284,{"date":308,"score":40,"percentile":309},"2026-06-01",0.12242,{"date":311,"score":40,"percentile":312},"2026-06-02",0.12241,{"date":314,"score":40,"percentile":315},"2026-06-03",0.12214,{"date":317,"score":40,"percentile":318},"2026-06-04",0.12235,{"date":75,"score":40,"percentile":76},[321,326,328],{"source":44,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":322,"cvss_v4_0":9},{"baseScore":42,"baseSeverity":323,"vectorString":45,"impactScore":324,"exploitabilityScore":325},"MEDIUM",2.3,7.2,{"source":50,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":327,"cvss_v4_0":9},{"baseScore":42,"baseSeverity":323,"vectorString":45,"impactScore":324,"exploitabilityScore":325},{"source":51,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":329,"cvss_v4_0":9},{"baseScore":42,"baseSeverity":9,"vectorString":45,"impactScore":324,"exploitabilityScore":325},[331,361,367,372,380,396],{"ecosystem":332,"name":333,"vendor":334,"product":335,"cpe_part":9,"purl_type":336,"purl_namespace":334,"purl_name":335,"source":9,"versions":337},"Go","github.com/mattermost/mattermost-server","github.com/mattermost","mattermost-server","golang",[338,346,349,353,357],{"version":339,"is_range":340,"range_type":341,"version_start":342,"version_start_type":343,"version_end":344,"version_end_type":345,"fixed_in":9},"gte11_3_0_rc1+incompatible_lt11_3_1+incompatible",true,"semver","11.3.0-rc1+incompatible","including","11.3.1+incompatible","excluding",{"version":347,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":348,"version_end_type":345,"fixed_in":9},"lt5_3_2_0_20260129133647_5d787969c2d5","5.3.2-0.20260129133647-5d787969c2d5",{"version":350,"is_range":340,"range_type":341,"version_start":351,"version_start_type":343,"version_end":352,"version_end_type":345,"fixed_in":9},"gte10_11_0_rc1_lt10_11_11","10.11.0-rc1","10.11.11",{"version":354,"is_range":340,"range_type":341,"version_start":355,"version_start_type":343,"version_end":356,"version_end_type":345,"fixed_in":9},"gte11_2_0_rc1_lt11_2_3","11.2.0-rc1","11.2.3",{"version":358,"is_range":340,"range_type":341,"version_start":359,"version_start_type":343,"version_end":360,"version_end_type":345,"fixed_in":9},"gte11_3_0_rc1_lt11_3_1","11.3.0-rc1","11.3.1",{"ecosystem":332,"name":362,"vendor":333,"product":363,"cpe_part":9,"purl_type":336,"purl_namespace":333,"purl_name":363,"source":9,"versions":364},"github.com/mattermost/mattermost-server/v5","v5",[365],{"version":366,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":332,"name":368,"vendor":333,"product":369,"cpe_part":9,"purl_type":336,"purl_namespace":333,"purl_name":369,"source":9,"versions":370},"github.com/mattermost/mattermost-server/v6","v6",[371],{"version":366,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":332,"name":373,"vendor":374,"product":375,"cpe_part":9,"purl_type":336,"purl_namespace":374,"purl_name":375,"source":9,"versions":376},"github.com/mattermost/mattermost/server/v8","github.com/mattermost/mattermost/server","v8",[377],{"version":378,"is_range":340,"range_type":341,"version_start":9,"version_start_type":9,"version_end":379,"version_end_type":345,"fixed_in":9},"lt8_0_0_20260129133647_5d787969c2d5","8.0.0-20260129133647-5d787969c2d5",{"ecosystem":9,"name":381,"vendor":382,"product":382,"cpe_part":383,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":384},"Mattermost","mattermost","a",[385,388,392],{"version":386,"is_range":340,"range_type":44,"version_start":387,"version_start_type":343,"version_end":387,"version_end_type":343,"fixed_in":9},">= 11.3.0, \u003C= 11.3.0","11.3.0",{"version":389,"is_range":340,"range_type":44,"version_start":390,"version_start_type":343,"version_end":391,"version_end_type":343,"fixed_in":9},">= 11.2.0, \u003C= 11.2.2","11.2.0","11.2.2",{"version":393,"is_range":340,"range_type":44,"version_start":394,"version_start_type":343,"version_end":395,"version_end_type":343,"fixed_in":9},">= 10.11.0, \u003C= 10.11.10","10.11.0","10.11.10",{"ecosystem":9,"name":397,"vendor":382,"product":398,"cpe_part":383,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":399},"mattermost server","mattermost_server",[400,403,405],{"version":401,"is_range":340,"range_type":402,"version_start":394,"version_start_type":343,"version_end":352,"version_end_type":345,"fixed_in":9},"gte10.11.0_lt10.11.11","cpe",{"version":404,"is_range":340,"range_type":402,"version_start":390,"version_start_type":343,"version_end":356,"version_end_type":345,"fixed_in":9},"gte11.2.0_lt11.2.3",{"version":406,"is_range":340,"range_type":402,"version_start":387,"version_start_type":343,"version_end":360,"version_end_type":345,"fixed_in":9},"gte11.3.0_lt11.3.1"]