Communication

In Istio versions through 1.28.2 a medium severity vulnerability CVE-2026-23766 was detected. This vulnerability allows attackers to manipulate firewall behavior by injecting custom iptables rules through the traffic.sidecar.istio.io/excludeInterfaces annotation, potentially altering network traffic handling within a pod. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-23766.

In Mattermost versions 10.11.x up to and including 10.11.8 and prior to 11.2.0 a low severity vulnerability CVE-2025-14822 was detected. This vulnerability allows authenticated attackers to trigger a denial of service by exhausting CPU resources through a single HTTP request containing a post with thousands of space-separated tokens, exploiting quadratic complexity in the model.ParseHashtags function. To address this issue, users should upgrade Mattermost to versions 10.11.9 or 11.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14822.

In Mattermost versions 10.11.x up to and including 10.11.8, 11.0.x up to and including 11.0.6, and 11.1.x up to and including 11.1.1 a medium severity vulnerability CVE-2025-14435 was detected. This vulnerability allows authenticated attackers to cause an application-level denial of service by triggering API errors that lead to unbounded component re-render loops, resulting in infinite re-renders and degraded application availability. To address this issue, users should upgrade Mattermost to versions 10.11.9, 11.1.2 or 11.0.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14435.

In Mattermost versions 10.5.0 to 10.5.1, 10.4.0 to 10.4.3, and 9.11.0 to 9.11.9 a low severity vulnerability CVE-2025-24839 was detected. This vulnerability allows users to turn on the AI bot by adding a setting to a post using the Wrangler plugin, even if they don’t have access to the bot. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-24839.