CVSS 3.1 Score 4.3 of 10 (medium)


Published Mar 15, 2024
CWE ID 400


CVE-2024-2446 is a vulnerability that affects Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3. It allows an authenticated attacker to crash the client applications of other users by sending large, crafted messages that exceed the limit of @-mentions processed per message. The risk score for this vulnerability is rated at 10, indicating a high potential danger to organizations using affected versions of Mattermost. To remediate this issue, organizations should update their Mattermost installations to version 8.1.10, 9.2.6, 9.3.2, or 9.4.3 to fix the vulnerability and prevent potential attacks.
