{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-3108/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-3108","mattermost","terminal-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-3108 affects Mattermost servers using the \u003ccode\u003emmctl\u003c/code\u003e command-line tool. This vulnerability, disclosed in March 2026, stems from a failure to properly sanitize user-controlled post content within the terminal output of \u003ccode\u003emmctl\u003c/code\u003e commands. Specifically, versions 11.2.x up to 11.2.2, 10.11.x up to 10.11.10, 11.4.x up to 11.4.0, and 11.3.x up to 11.3.1 are susceptible. An attacker leveraging this flaw can inject ANSI and OSC escape sequences into administrator terminals. These sequences enable…\u003c/p\u003e\n","date_modified":"2026-03-26T17:16:41Z","date_published":"2026-03-26T17:16:41Z","id":"/briefs/2026-03-mattermost-terminal-injection/","summary":"Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 are vulnerable to terminal injection, allowing attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences.","title":"Mattermost mmctl Terminal Injection Vulnerability (CVE-2026-3108)","url":"https://feed.craftedsignal.io/briefs/2026-03-mattermost-terminal-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-3108","version":"https://jsonfeed.org/version/1.1"}