3 matches found
CVE-2026-63095
Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...
CVE-2026-63095
CVE-2026-63095 affects Dendrite up to version 0.13.8. An improper authorization flaw in the Matrix Client-Server API allows any authenticated local user to delete another user’s third-party identifier (3PID) bindings by submitting an arbitrary address/medium to the account deletion endpoint witho...
PT-2026-60788
Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...