Server-Side Request Forgery Vulnerability in Dendrite by Element
CVE-2026-63096
Key Information:
- Vendor
Matrix-org
- Status
- Vendor
- CVE Published:
- 17 July 2026
Badges
What is CVE-2026-63096?
Dendrite, up to version 0.13.8, is vulnerable to a server-side request forgery (SSRF) that enables unauthenticated attackers to manipulate the server into establishing outbound TLS connections to arbitrary hosts and ports. This vulnerability arises from the lack of validation on the serverName parameter within the legacy media download endpoint. Attackers can exploit distinguishable error responses and leaked internal IP addresses from error messages, which allows them to perform blind port scanning and enumerate the internal network topology. This poses a significant risk to the integrity and confidentiality of sensitive network information.
Affected Version(s)
dendrite 0 <= 0.13.8
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
