Back to overview

CVE-2026-63096

MEDIUM
5.8
CVSS 3.1
Description
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers can exploit distinguishable error response classes and leaked internal IP addresses in error messages to perform blind port scanning and enumerate internal network topology.

Metadata

CVE ID
CVE-2026-63096
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-07-15 15:45 UTC
Published
2026-07-17 15:30 UTC
Last updated
2026-07-17 15:30 UTC
Primary CWE
CWE-918
Server-Side Request Forgery (SSRF)
Vendor / Product
matrix-org / dendrite
Sources
cve.org  ·  NVD

Severity & Metrics

5.8 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
matrix-org dendrite 0 ≤ 0.13.8
Weakness (CWE)
CWESourceDescription
CWE-918 cna Server-Side Request Forgery (SSRF)
CVSS scores (2)
ScoreSeverityVersionSourceVector
6.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
5.8 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Back to overview