VYPR

npm package

cinny

pkg:npm/cinny

Vulnerabilities (1)

  • CVE-2026-42553HigMay 27, 2026
    affected < 4.10.3fixed 4.10.3

    Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs