GHSA-h97m-27fx-42rxMediumCVSS 4.9

matrix-sdk-ui: Incomplete edit validation

Published
June 4, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

📋 Description

Impact

The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with equivalent power) to impersonate or spoof messages as if they were sent by a victim user.

Patches

matrix-sdk-ui 0.16.1 fixes the message edit validation logic to align with the algorithm for replacement events^1 described in the Matrix specification.

Workarounds

N/A

References

  • Pull request: https://github.com/matrix-org/matrix-rust-sdk/pull/6454

For more information

If you have any questions or comments about this advisory, please email us at security at matrix.org.

🎯 Affected products1

  • rust/matrix-sdk-ui:< 0.16.1

🔗 References (5)