CyberRota
← Ana sayfaya dön

CVE-2026-63097

MEDIUM · CVSS 4.3 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-17T16:17:16.783 · Çekilme zamanı: 2026-07-17T18:33:44.168030+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit
GitHub PoC Linkleri

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-63097
Severity
MEDIUM
CVSS
4.3
EPSS
Yok

Orijinal NVD Açıklaması

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint (syncapi/routing/context.go) that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while ignoring IsInRoom, HasBeenInRoom, and Membership fields. Attackers who have left a room can call the rooms context API endpoint for a previously permitted event and receive unfiltered current room state that the /messages and /sync endpoints correctly withhold.