Description
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or knocking on a room, the victim server may ask a remote server for assistance. If the victim asks the attacker server for assistance the attacker is able to provide an arbitrary event, which the victim will sign and return to the attacker. For the /leave endpoint, this works for any event with a supported room version, where the origin and origin_server_ts is set by the victim. For the /join endpoint, an additionally victim-set content field in the format of a join membership is needed. For the /knock endpoint, an additional victim-set content field in the format of a knock membership and a room version not between 1 and 6 is needed. This was exploited as a part of a larger chain against the continuwuity.org homeserver. This vulnerability affects all Conduit-derived servers. This vulnerability is fixed in Continuwuity 0.5.1, Conduit 0.10.11, Grapevine 0aae932b, and Tuwunel 1.4.9.
INFO
Published Date :
2026-02-02T18:56:27.523Z
Last Modified :
2026-02-03T14:53:20.068Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2026-24471 vulnerability.
| Vendors | Products |
|---|---|
| Conduit |
|
| Continuwuity |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24471.
