Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution
Description
Impact
The matrix-sdk-crypto crate before 0.16.1 does not check the sender's user ID when decrypting an Olm-encrypted to-device message that carries the sender_device_keys property: the user ID inside the embedded device keys is never compared against the sender of the to-device event.
This can be exploited to spoof the sender of an encrypted to-device message, but only by an attacker who colludes with (or is) the homeserver operator, since the homeserver is the party that delivers the to-device event and asserts its sender field.
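The binding checks a client should perform on a decrypted Olm to-device payload, including the user-ID comparison the advisory describes, as an added example. This is not code from matrix-rust-sdk; the names (bind_sender, OlmPlaintext, SenderDeviceKeys, BindingError), the sample key strings and the sample user and device IDs are constructed for illustration, and the self-signature verification of the embedded device keys is assumed to have happened before this function runs.

```rust
use std::collections::BTreeMap;

/// Subset of the `sender_device_keys` object embedded in an Olm payload (assumed shape).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SenderDeviceKeys {
    pub user_id: String,
    pub device_id: String,
    /// Key id ("ed25519:<device_id>") to unpadded base64 key.
    pub keys: BTreeMap<String, String>,
}

/// Fields of a decrypted Olm payload that matter for sender/recipient binding.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct OlmPlaintext {
    /// `sender`: the user ID the encrypting device wrote into the payload.
    pub sender: String,
    /// `recipient` and `recipient_keys.ed25519`: who the payload was meant for.
    pub recipient: String,
    pub recipient_ed25519: String,
    /// `keys.ed25519`: the signing key the sender claims.
    pub sender_ed25519: String,
    /// Optional embedded device keys; their self-signature is assumed verified already.
    pub sender_device_keys: Option<SenderDeviceKeys>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum BindingError {
    SenderMismatch { event: String, payload: String },
    WrongRecipient(String),
    WrongRecipientKey,
    EmbeddedUserIdMismatch { event: String, embedded: String },
    EmbeddedSigningKeyMismatch,
}

/// Identity a successfully bound to-device event is attributed to.
#[derive(Debug, PartialEq, Eq)]
pub struct AttributedSender {
    pub user_id: String,
    pub device_id: Option<String>,
    pub ed25519: String,
}

/// Bind a decrypted Olm payload to the to-device event's homeserver-asserted `sender`.
pub fn bind_sender(
    event_sender: &str,
    own_user_id: &str,
    own_ed25519: &str,
    pt: &OlmPlaintext,
) -> Result<AttributedSender, BindingError> {
    // The payload's own sender field must agree with what the homeserver delivered.
    if pt.sender != event_sender {
        return Err(BindingError::SenderMismatch {
            event: event_sender.to_owned(),
            payload: pt.sender.clone(),
        });
    }
    // The payload must have been encrypted for us, not replayed from another recipient.
    if pt.recipient != own_user_id {
        return Err(BindingError::WrongRecipient(pt.recipient.clone()));
    }
    if pt.recipient_ed25519 != own_ed25519 {
        return Err(BindingError::WrongRecipientKey);
    }
    let mut device_id = None;
    if let Some(embedded) = &pt.sender_device_keys {
        // The check missing before matrix-sdk-crypto 0.16.1: embedded device keys
        // naming a different user than the event sender must not be accepted.
        if embedded.user_id != event_sender {
            return Err(BindingError::EmbeddedUserIdMismatch {
                event: event_sender.to_owned(),
                embedded: embedded.user_id.clone(),
            });
        }
        // The embedded signing key must be the one the Olm payload claims.
        let key_id = format!("ed25519:{}", embedded.device_id);
        if embedded.keys.get(&key_id).map(String::as_str) != Some(pt.sender_ed25519.as_str()) {
            return Err(BindingError::EmbeddedSigningKeyMismatch);
        }
        device_id = Some(embedded.device_id.clone());
    }
    Ok(AttributedSender {
        user_id: event_sender.to_owned(),
        device_id,
        ed25519: pt.sender_ed25519.clone(),
    })
}

// Constructed placeholder keys; real values are unpadded base64 public keys.
pub const BOB_ED25519: &str = "bobSigningKeyConstructed";
pub const ALICE_ED25519: &str = "aliceSigningKeyConstructed";

/// Constructed payload from Alice's device ALICEDEV to Bob, whose embedded device
/// keys claim `embedded_user_id` (use a different user to simulate the spoof).
pub fn sample_plaintext(embedded_user_id: &str) -> OlmPlaintext {
    let mut keys = BTreeMap::new();
    keys.insert("ed25519:ALICEDEV".to_owned(), ALICE_ED25519.to_owned());
    OlmPlaintext {
        sender: "@alice:example.org".to_owned(),
        recipient: "@bob:example.org".to_owned(),
        recipient_ed25519: BOB_ED25519.to_owned(),
        sender_ed25519: ALICE_ED25519.to_owned(),
        sender_device_keys: Some(SenderDeviceKeys {
            user_id: embedded_user_id.to_owned(),
            device_id: "ALICEDEV".to_owned(),
            keys,
        }),
    }
}

fn main() {
    let honest = sample_plaintext("@alice:example.org");
    println!("{:?}", bind_sender("@alice:example.org", "@bob:example.org", BOB_ED25519, &honest));
    let spoofed = sample_plaintext("@mallory:example.org");
    println!("{:?}", bind_sender("@alice:example.org", "@bob:example.org", BOB_ED25519, &spoofed));
}
```

The order of the checks matters: the recipient checks run before the embedded keys are inspected, so a payload replayed from another recipient is rejected regardless of what its device keys say, and the device identity returned to the caller is derived from the event sender, never from the embedded user_id alone.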
Patches
This issue is fixed in matrix-sdk-crypto 0.16.1.
Workarounds
There are no known workarounds for the issue.
References
This issue was fixed in https://github.com/matrix-org/matrix-rust-sdk/pull/6553.
For more information
If you have any questions or comments about this advisory, please email us at security at matrix.org.
Affected products
- Range: <0.16.1
Patches
1f4b27943a0eb chore: Add a changelog entry for user ID check in the embedded device keys
1 file changed · +6 −0
crates/matrix-sdk-crypto/CHANGELOG.md+6 −0 modified@@ -6,6 +6,12 @@ All notable changes to this project will be documented in this file. ## [Unreleased] - ReleaseDate +### Bug Fixes + +- Check the user ID in the `sender_device_keys` property of Olm-encrypted +to-device events to prevent sender spoofing by homeserver owners. +([#6553](https://github.com/matrix-org/matrix-rust-sdk/pull/6553)) + ### Features - [**breaking**] Change to the stable identifiers for `m.room_key_bundle`,
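Review bot: the Bug Fixes entry says the user ID in `sender_device_keys` is now checked but not what happens on a mismatch; state whether the to-device event is dropped or surfaced as an error so users of the crate know which behaviour to expect. The entry also sits under `## [Unreleased] - ReleaseDate` while the advisory names 0.16.1 as the fixed release, so confirm the placeholder heading is replaced on release; and since this commit touches only the CHANGELOG (1 file changed), the linked PR #6553 is the only pointer to the code change itself, which is worth citing alongside the advisory ID in the entry.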
Vulnerability mechanics
No source-code context is available for this advisory; a mechanics section is generated only when the actual fix diff can be read. Without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- github.com/advisories/GHSA-wfq4-36m3-9g42 (GHSA advisory)
- github.com/matrix-org/matrix-rust-sdk/pull/6553
- github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.16.1
- github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-wfq4-36m3-9g42
- rustsec.org/advisories/RUSTSEC-2026-0159.html
News mentions
No linked articles in our index yet.