High severity7.1OSV Advisory· Published Oct 2, 2025· Updated Apr 15, 2026

CVE-2025-49090

Description

The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.

Matrix Org/Matrix SpecOSV
Range: 0.2.0, client-server/0.3.0, client-server/r0.1.0, …

81a864545f7d

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

No linked articles in our index yet.