Browse all 6 CVE security advisories affecting Matrix. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Matrix is an open-source communication protocol and ecosystem for decentralized real-time messaging, serving as a core infrastructure for secure collaboration across various applications. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control issues. The protocol's federated architecture introduces unique security considerations, with notable incidents including authentication bypass flaws in reference implementations. While no major breaches have been widely documented, the project's CVE history reflects ongoing challenges in securing its complex, extensible framework against both traditional web vulnerabilities and protocol-specific threats.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49090 | Matrix security vulnerability — Matrix specification, CWE-642 | 7.1 | High | 2025-10-02 |
| CVE-2025-54315 | Matrix security vulnerability — Matrix specification, CWE-837 | 7.1 | High | 2025-10-02 |
| CVE-2024-38432 | Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File — Tafnit v8, CWE-646 | 5.5 | Medium | 2024-07-30 |
| CVE-2024-38431 | Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy — Tafnit v8, CWE-204 | 5.3 | Medium | 2024-07-30 |
| CVE-2024-38430 | Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Tafnit v8, CWE-79 | 5.4 | Medium | 2024-07-30 |
| CVE-2024-38429 | Matrix - CWE-552: Files or Directories Accessible to External Parties — Tafnit v8, CWE-552 | 7.5 | High | 2024-07-30 |

This page lists every published CVE security advisory associated with Matrix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.