Q: What is the authoritative source for CVE-2026-2454?

CVE-2026-2454 (CVE-2026-2454) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

Q: How severe is CVE-2026-2454?

CVE-2026-2454 carries a HIGH CVSS 8.6 severity rating.

Question 1

What is CVE-2026-2454 — CVE-2026-2454?

Accepted Answer

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin.

Question 2

What is the authoritative source for CVE-2026-2454?

Accepted Answer

CVE-2026-2454 (CVE-2026-2454) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

Question 3

How severe is CVE-2026-2454?

Accepted Answer

CVE-2026-2454 carries a HIGH CVSS 8.6 severity rating.

CVSS 3.1	8.6 (HIGH)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS	0.27% probability of exploitation · percentile 19.0% · 2026-06-18T12:00:27Z
Published	2026-03-16
Last modified	2026-03-18

CVE-2026-2454CVE-2026-2454

Description

Scoring

Underlying weaknesses· 1

References

1

Related by meaning· 6