CVE-2020-26891

Name: CVE-2020-26891
Creator: NVD / NIST
Published: 2020-10-19T17:15:13.22+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 1.91%

Last modified Jun 17, 2026

CVE-2020-26891 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.. EPSS estimates a 1.91% chance of exploitation in the next 30 days.

Description

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

1.91%

77.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Matrix	Synapse	< 1.21.0

References

https://github.com/matrix-org/synapse/pull/8444Issue Tracking, Patch, Third Party Advisory
https://github.com/matrix-org/synapse/releases/tag/v1.21.2Release Notes, Third Party Advisory
https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmqPatch, Third Party Advisory
https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisoryRelease Notes, Vendor Advisory
https://github.com/matrix-org/synapse/pull/8444Issue Tracking, Patch, Third Party Advisory
https://github.com/matrix-org/synapse/releases/tag/v1.21.2Release Notes, Third Party Advisory
https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmqPatch, Third Party Advisory
https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisoryRelease Notes, Vendor Advisory

Timeline

Published: Oct 19, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-26891?

How severe is CVE-2020-26891?

CVE-2020-26891 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 1.91% probability of exploitation in the next 30 days.

How do I fix CVE-2020-26891?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-26891?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST