CVE-2026-3471
MEDIUMDescription
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling {{window.open('javascript:alert()');}}. Mattermost Advisory ID: MMSA-2026-00618
Is your site exposed to CVE-2026-3471?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2026-3471? +
How severe is CVE-2026-3471? +
How do I check if I'm vulnerable to CVE-2026-3471? +
Related Vulnerabilities
A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated …
An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images …
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for …
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for …
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to …
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part …