https://feed.craftedsignal.io/tags/cve-2026-3108/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 26 Mar 2026 17:16:41 +0000https://feed.craftedsignal.io/briefs/2026-03-mattermost-terminal-injection/Thu, 26 Mar 2026 17:16:41 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-mattermost-terminal-injection/Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 are vulnerable to terminal injection, allowing attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences.CVE-2026-3108 affects Mattermost servers using the mmctl command-line tool. This vulnerability, disclosed in March 2026, stems from a failure to properly sanitize user-controlled post content within the terminal output of mmctl commands. Specifically, versions 11.2.x up to 11.2.2, 10.11.x up to 10.11.10, 11.4.x up to 11.4.0, and 11.3.x up to 11.3.1 are susceptible. An attacker leveraging this flaw can inject ANSI and OSC escape sequences into administrator terminals. These sequences enable…

]]>highadvisorycve-2026-3108mattermostterminal-injection