Matrix Security Vulnerabilities (CVEs)
Track 15 security vulnerabilities affecting Matrix products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A malicious Matrix server can craft events that cause Synapse homeservers to stop federating with other servers when received. This denial-of-service ...
Mar 27, 2025

Synapse Matrix homeserver versions before 1.120.1 have a vulnerability where multipart/form-data requests can cause excessive memory consumption in ce...
Dec 3, 2024

Synapse versions before 1.120.1 fail to properly validate invites received over federation, allowing a malicious server to send specially crafted invi...
Dec 3, 2024

This vulnerability in Synapse Matrix homeserver allows attackers to trigger processing of uncommon image formats by enabling dynamic_thumbnails or sen...
Dec 3, 2024

Synapse Matrix homeserver versions before 1.106 are vulnerable to a disk fill attack where unauthenticated attackers can force the server to download ...
Dec 3, 2024

Synapse Matrix homeserver versions before 1.106 allow unauthenticated remote users to trigger downloads of remote media content and cache it locally, ...
Dec 3, 2024

This vulnerability in Matrix libolm's AES implementation allows attackers to perform cache-timing attacks to potentially extract cryptographic keys. I...
Aug 22, 2024

This vulnerability in Matrix libolm allows attackers to create different but valid signatures for the same message due to insufficient Ed25519 signatu...
Aug 22, 2024

A malicious Matrix homeserver can manipulate user account data to force the matrix-react-sdk client to enable URL previews in end-to-end encrypted roo...
Aug 6, 2024

Sydent, an identity server for Matrix, fails to verify SMTP server certificates when sending emails via TLS, making email communications vulnerable to...
Aug 4, 2023

CVE-2022-36059 is a vulnerability in matrix-js-sdk where specially crafted events can disrupt or corrupt the SDK's runtime data processing. This affec...
Mar 28, 2023

A buffer overflow vulnerability in Matrix libolm's olm_session_describe function allows remote attackers to execute arbitrary code or cause denial of ...
Dec 14, 2021

This vulnerability allows unauthenticated attackers to trick Synapse Matrix homeservers into downloading files from remote servers to arbitrary direct...
Nov 23, 2021

This vulnerability in Matrix libolm allows a malicious Matrix homeserver to crash a client via a stack-based buffer overflow in the olm_pk_decrypt fun...
Jun 16, 2021

CVE-2021-29430 is a denial-of-service vulnerability in Sydent, a Matrix identity server, where attackers can send oversized HTTP requests or receive o...
Apr 15, 2021

Why Monitor Matrix Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 15+ known vulnerabilities affecting Matrix products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Matrix packages in under 60 seconds. No agents required - completely agentless scanning that works across Matrix deployments.
Free vulnerability database: Access detailed information about every Matrix CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account & add your servers
- Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Matrix CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions