matrix-sdk-ui: Incomplete edit validation
Description
Impact
The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with equivalent power) to impersonate or spoof messages as if they were sent by a victim user.
Patches
matrix-sdk-ui 0.16.1 fixes the message edit validation logic to align with the algorithm for replacement events[^1] described in the Matrix specification.
Workarounds
N/A
### References * Pull request: https://github.com/matrix-org/matrix-rust-sdk/pull/6454
For more information
If you have any questions or comments about this advisory, please email us at security at matrix.org.
[^1]: https://spec.matrix.org/unstable/client-server-api/#validity-of-replacement-events
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
matrix-sdk-uicrates.io | < 0.16.1 | 0.16.1 |
Affected products
2- Range: <0.16.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-h97m-27fx-42rxghsaADVISORY
- github.com/matrix-org/matrix-rust-sdk/pull/6454ghsaWEB
- github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.16.1ghsaWEB
- github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-h97m-27fx-42rxghsaWEB
- rustsec.org/advisories/RUSTSEC-2026-0158.htmlghsaWEB
News mentions
0No linked articles in our index yet.