{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T12:54:03.811","vulnerabilities":[{"cve":{"id":"CVE-2026-3109","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-03-26T17:16:41.967","lastModified":"2026-03-30T13:26:50.827","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584"},{"lang":"es","value":"Las versiones &lt;=11.4 10.11.11.0 de los plugins de Mattermost no validan las marcas de tiempo de las solicitudes de webhook, lo que permite a un atacante corromper el estado de las reuniones de Zoom en Mattermost mediante solicitudes de webhook repetidas. ID de aviso de Mattermost: MMSA-2026-00584"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","baseScore":2.2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":0.7,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com"}]}}]}