matrix_nio is vulnerable to an authorization bypass. The library correctly accepts key forwards only if they are a response to a previous request, but it doesn’t check whether the device that responded matches the device the key was requested from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack.
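A minimal model of the missing check, as an added example (not matrix_nio's own code; all class, method and field names are hypothetical): `accept_weak` mirrors the behaviour described above, while `accept_strict` also requires the forwarding device to be one the request was sent to. It assumes the sender's user and device identity have already been authenticated by the encrypted to-device channel.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyRequest:
    room_id: str
    session_id: str
    requested_from: frozenset  # (user_id, device_id) pairs the request was sent to

@dataclass(frozen=True)
class ForwardedKey:
    room_id: str
    session_id: str
    sender: tuple  # (user_id, device_id), assumed authenticated by the to-device channel

class KeyForwardPolicy:
    """Hypothetical model of key-forward acceptance, not matrix_nio's API."""

    def __init__(self):
        self.pending = {}  # (room_id, session_id) -> KeyRequest

    def request(self, req):
        self.pending[(req.room_id, req.session_id)] = req

    def accept_weak(self, fwd):
        # Flawed behaviour: any forward matching an outstanding request is accepted.
        return (fwd.room_id, fwd.session_id) in self.pending

    def accept_strict(self, fwd):
        # Hardened: the forward must also come from a device we actually asked.
        req = self.pending.get((fwd.room_id, fwd.session_id))
        return req is not None and fwd.sender in req.requested_from

def demo():
    # Constructed sample data: one outstanding request sent to a single device.
    policy = KeyForwardPolicy()
    asked = ("@alice:example.org", "TRUSTEDDEV")
    policy.request(KeyRequest("!room:example.org", "sess1", frozenset({asked})))
    legit = ForwardedKey("!room:example.org", "sess1", asked)
    other = ForwardedKey("!room:example.org", "sess1", ("@alice:example.org", "UNKNOWNDEV"))
    unsolicited = ForwardedKey("!room:example.org", "sess2", asked)
    forwards = (legit, other, unsolicited)
    return {
        "weak": [policy.accept_weak(f) for f in forwards],
        "strict": [policy.accept_strict(f) for f in forwards],
    }

if __name__ == "__main__":
    print(demo())
```

The second forward answers a real request but comes from a device that was never asked; only the strict check rejects it.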