GHSA-h97m-27fx-42rxMediumCVSS 4.9
matrix-sdk-ui: Incomplete edit validation
🔗 CVE IDs covered (1)
📋 Description
Impact
The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with equivalent power) to impersonate or spoof messages as if they were sent by a victim user.
Patches
matrix-sdk-ui 0.16.1 fixes the message edit validation logic to align with the algorithm for replacement events^1 described in the Matrix specification.
Workarounds
N/A
References
- Pull request: https://github.com/matrix-org/matrix-rust-sdk/pull/6454
For more information
If you have any questions or comments about this advisory, please email us at security at matrix.org.
🎯 Affected products1
- rust/matrix-sdk-ui:< 0.16.1
🔗 References (5)
- https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-h97m-27fx-42rx
- https://github.com/matrix-org/matrix-rust-sdk/pull/6454
- https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.16.1
- https://rustsec.org/advisories/RUSTSEC-2026-0158.html
- https://github.com/advisories/GHSA-h97m-27fx-42rx