A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for the room containing a malicious emote pack.
The root causes are:
(1) an incorrect fallback in EmojiBoard that uses untrusted pack.meta.avatar (user-controlled) without converting/validating it as an MXC URL, allowing arbitrary HTTP(S) URLs to be used; and
(2) the service worker attaching the user's Authorization bearer token to all outbound GET requests whose URL contains /_matrix/client/v1/media/download or /_matrix/client/v1/media/thumbnail without verifying the request host matches the configured homeserver origin. An attacker-controlled URL containing those path fragments and permissive CORS will receive the victim's Authorization header (access token).
Impacted users: anybody using affected Cinny web app versions who opens the emoji/sticker picker in a room containing a malicious emote pack and who is logged in (authenticated).
Version with fixes: https://github.com/cinnyapp/cinny/releases/tag/v4.10.3
| Score | Percentile |
|---|---|
| 0.17% | 37.24% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 7.1 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-j944-w549-3453 ↗ |
| CVE | CVE-2026-42553 ↗ |
| CWE id | Name |
|---|---|
| CWE-20 | Improper Input Validation |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | cinny | < 4.10.3 | 4.10.3 | — |