3 matches found
CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker
Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...
GHSA-J944-W549-3453 Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker
Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...
Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker
Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...