CVE-2026-13350
Status: Deferred - Pending Action
Incorrect Room Type Assignment in Matrix Synapse

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: rami.io

Description
Permissions were checked incorrectly during room creation, allowing attackers to create rooms of types they should not be allowed to create.
Meta Information

Generated: 2026-06-26

AI Q&A: 2026-06-25

EPSS Evaluated: N/A
Affected Vendors & Products

Vendor: venueless
Product: venueless
Version / Range: all versions up to commit 040ae040 (excluding)
CWE

CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Quick Actions
Compliance Impact

The vulnerability involves incorrect permission checks allowing unauthorized room creation, impacting system integrity by enabling unauthorized modifications or actions.

However, there is no specific information provided about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The CVE-2026-13350 vulnerability in the venueless software involves an incorrect permission check during the creation of rooms. This flaw allowed attackers to create rooms of types they were not authorized to create.

The issue affected versions prior to a specific patch (commit 040ae040) and is classified under CWE-639, which relates to authorization bypass through user-controlled keys.

Impact Analysis

This vulnerability primarily impacts system integrity by allowing users to create rooms of types they are not authorized to create.

Such unauthorized room creation could lead to unauthorized modifications or actions within the system, potentially disrupting normal operations or enabling further exploitation.

Detection Guidance

The vulnerability involves creation of unauthorized room types due to incorrect permission checks during room creation in the venueless software. Detection would focus on identifying unauthorized or unexpected room creation events.

Since the vulnerability requires network access and some privileges, monitoring logs for room creation activities and verifying the types of rooms created against expected permissions can help detect exploitation.

Specific commands are not provided in the available resources. However, administrators can review application logs or database entries for room creation events, comparing timestamps, creating user IDs and room types against the permissions each user should have, to identify anomalies.

Mitigation Strategies

The vulnerability was patched in the venueless software as of commit 040ae040. The immediate mitigation step is to update the software to a version that includes this patch.

Additionally, restricting network access to trusted users and limiting privileges to only those necessary can reduce the risk of exploitation.

Monitoring and auditing room creation activities can also help detect and respond to any unauthorized attempts.
