CVE-2026-63097
Dendrite 0.13.8 syncapi /context Endpoint Post-Leave State Exposure
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint (syncapi/routing/context.go) that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while ignoring IsInRoom, HasBeenInRoom, and Membership fields. Attackers who have left a room can call the rooms context API endpoint for a previously permitted event and receive unfiltered current room state that the /messages and /sync endpoints correctly withhold.
| CWE | CWE-863 |
| Vendor | matrix-org |
| Product | dendrite |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for matrix-org dendrite
Be the first to know when new medium vulnerabilities affecting matrix-org dendrite are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
matrix-org / dendrite
0 โค 0.13.8
References
Credits
George Chen