CVE-2026-63097 in dendrite정보

요약

\~에 의해 MITRE • 2026. 07. 17.

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint (syncapi/routing/context.go) that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while ignoring IsInRoom, HasBeenInRoom, and Membership fields. Attackers who have left a room can call the rooms context API endpoint for a previously permitted event and receive unfiltered current room state that the /messages and /sync endpoints correctly withhold.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

VulnCheck

예약하다

2026. 07. 15.

모더레이션

수락

항목

VDB-379855

EPSS

0.00000

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!