PatchSiren

matrix-org CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM matrix-org CVE published 2026-07-17

CVE-2026-63097

CVE-2026-63097 is an improper access control vulnerability in Dendrite's syncapi /context endpoint. This issue allows authenticated local users to access post-leave room state events by exploiting a flawed membership check. The vulnerability is caused by the endpoint evaluating only the RoomExists field while ignoring IsInRoom, HasBeenInRoom, and Membership fields. As a result, attackers who have left a r [truncated]

MEDIUM matrix-org CVE published 2026-07-17

CVE-2026-63096

CVE-2026-63096 is a server-side request forgery vulnerability in Dendrite through 0.13.8. This vulnerability allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. The vulnerability could allow attackers to perform blind port scanning and enumerate internal ne [truncated]

HIGH matrix-org CVE published 2026-07-17

CVE-2026-63095

CVE-2026-63095 is an improper authorization vulnerability in Dendrite through 0.13.8. The issue allows any authenticated local user to delete third-party identifier bindings belonging to other users. This is possible through the account deletion endpoint without ownership verification. Exploiting the unverified Forget3PID handler enables an attacker to remove a victim's email or MSISDN binding. Subsequent [truncated]