Lucene search
+L

5 matches found

CVE
CVE
added 5 hours ago9 views

CVE-2026-63097

Dendrite 0.13.8 is affected by an improper access-control in the syncapi /context endpoint (syncapi/routing/context.go). The flaw uses a flawed membership check that only considers RoomExists, ignoring IsInRoom, HasBeenInRoom, and Membership fields, allowing authenticated local users who have lef...

5.3CVSS5.4AI score
Exploits0References2
CVE
CVE
added 5 hours ago9 views

CVE-2026-63095

CVE-2026-63095 affects Dendrite up to version 0.13.8. An improper authorization flaw in the Matrix Client-Server API allows any authenticated local user to delete another user’s third-party identifier (3PID) bindings by submitting an arbitrary address/medium to the account deletion endpoint witho...

7.1CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 5 hours ago10 views

CVE-2026-63095 Dendrite 0.13.8 Improper Authorization via POST account/3pid/delete Endpoint

Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...

7.1CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added 20 hours ago4 views

PT-2026-60789

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/19 12:0 a.m.3 views

PT-2022-23108 · Unknown +1 · Gomatrixserverlib +1

Name of the Vulnerable Software and Affected Versions: Dendrite versions prior to 0.9.3 gomatrixserverlib versions prior to commit 723fd49 Description: The power level parsing within gomatrixserverlib was failing to parse the "events default" key of the m.room.power levels event, defaulting the...

8.8CVSS8.4AI score0.0065EPSS
Exploits0References12
Rows per page
Query Builder