matrix-org — Vulnerabilities & Security Advisories 80

Browse all 80 CVE security advisories affecting matrix-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Matrix.org operates the open-source Matrix protocol, a decentralized communication standard enabling real-time chat, VoIP, and collaboration across federated servers. This architecture allows users to choose their own homeservers while maintaining interoperability with other platforms. Historically, vulnerabilities within the reference implementation and related components have frequently involved server-side request forgery, cross-site scripting, and improper access controls. These flaws often stem from complex federation logic or insufficient input validation in web interfaces. Notable incidents include critical privilege escalation bugs that allowed unauthenticated attackers to execute arbitrary code or access private user data. The project’s reliance on a large ecosystem of third-party clients and bridges introduces additional attack surfaces, requiring rigorous security audits. While the protocol itself emphasizes end-to-end encryption, implementation errors in the core server software have repeatedly exposed sensitive information, highlighting the challenges of securing decentralized infrastructure.

Found 1 result / 80

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-27155 | In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim — pinecone (CWE-79) | 6.1 | Medium | 2025-03-04 |

This page lists every published CVE security advisory associated with matrix-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.