There is a recently discovered critical vulnerability that affects all Matrix homeservers of the Conduit lineage. If you’re using a Rust-based Matrix server (which are basically Conduit and forks), please urgently upgrade to the following versions:

• continuwuity: version 0.5.0
• tuwunel: version 1.4.8
• grapevine: commit 9a50c24
• conduit: v0.10.10
• conduwuit: upgrade to the latest version of either tuwunel or continuwuity

If you’re not able to upgrade right now, you should urgently implement this workaround in your reverse proxy.

Attackers exploiting this flaw can arbitrarily kick any user out of a room, join rooms unauthorized on the same server, and can also ban same-server users. They effectively constitute a severe denial of service from an unauthenticated party, and it has been exploited in the wild.