CVE-2026-63097 Dendrite 0.13.8 syncapi /context Endpoint Post-Leave State Exposure
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...