{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T22:14:19.626","vulnerabilities":[{"cve":{"id":"CVE-2026-24471","sourceIdentifier":"security-advisories@github.com","published":"2026-02-02T23:16:08.270","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or knocking on a room, the victim server may ask a remote server for assistance. If the victim asks the attacker server for assistance the attacker is able to provide an arbitrary event, which the victim will sign and return to the attacker. For the /leave endpoint, this works for any event with a supported room version, where the origin and origin_server_ts is set by the victim. For the /join endpoint, an additionally victim-set content field in the format of a join membership is needed. For the /knock endpoint, an additional victim-set content field in the format of a knock membership and a room version not between 1 and 6 is needed. This was exploited as a part of a larger chain against the continuwuity.org homeserver. This vulnerability affects all Conduit-derived servers. This vulnerability is fixed in Continuwuity 0.5.1, Conduit 0.10.11, Grapevine 0aae932b, and Tuwunel 1.4.9."},{"lang":"es","value":"continuwuity es un homeserver de Matrix escrito en Rust. Esta vulnerabilidad permite a un atacante con un servidor remoto malicioso hacer que el servidor local firme un evento arbitrario tras la interacción del usuario. Cuando una cuenta de usuario abandona una sala (rechazando una invitación), se une a una sala o llama a la puerta de una sala, el servidor víctima puede pedir asistencia a un servidor remoto. Si la víctima pide asistencia al servidor atacante, el atacante puede proporcionar un evento arbitrario, que la víctima firmará y devolverá al atacante. Para el endpoint /leave, esto funciona para cualquier evento con una versión de sala compatible, donde el origen y origin_server_ts son establecidos por la víctima. Para el endpoint /join, se necesita un campo de contenido adicionalmente establecido por la víctima en el formato de una membresía de unión. Para el endpoint /knock, se necesita un campo de contenido adicional establecido por la víctima en el formato de una membresía de knock y una versión de sala que no esté entre 1 y 6. Esto fue explotado como parte de una cadena más grande contra el homeserver continuwuity.org. Esta vulnerabilidad afecta a todos los servidores derivados de Conduit. Esta vulnerabilidad está corregida en Continuwuity 0.5.1, Conduit 0.10.11, Grapevine 0aae932b y Tuwunel 1.4.9."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-441"}]}],"references":[{"url":"https://forgejo.ellis.link/continuwuation/continuwuity/commit/12aecf809172205436c852a1eaf268c1a2c3a900","source":"security-advisories@github.com"},{"url":"https://github.com/continuwuity/continuwuity/security/advisories/GHSA-m5p2-vccg-8c9v","source":"security-advisories@github.com"}]}}]}