
Description

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. An attacker can send multiple concurrent Matrix media events with omitted or invalid declared sizes to trigger simultaneous large media downloads; each response body is fully materialized before the size check rejects it, so process resources are consumed until service degradation occurs.
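The following bounded download path models the mitigation for the pattern described above: validate the declared size before fetching and cap bytes read while streaming, so a missing or bogus size can never force a full materialization. It is an added example, hypothetical code rather than nanobot's, assuming a 10 MiB per-file ceiling, a 64 KiB chunk size, and a constructed in-memory stream (`FakeBody`) standing in for the HTTP client.

```python
# Bounded Matrix media download: added example (hypothetical, not nanobot's code).
# Mitigates the CWE-770 pattern the advisory describes: gate on the declared size
# before fetching, then cap bytes read while streaming so an absent or bogus
# 'size' can never make the process buffer an arbitrarily large response body.
from typing import Iterable

MAX_MEDIA_BYTES = 10 * 1024 * 1024  # assumed per-file ceiling (10 MiB)
CHUNK = 64 * 1024                    # assumed streaming chunk size

class MediaRejected(ValueError):
    """Media event refused before or during download."""

def declared_size(info: dict) -> int:
    """Validate the 'size' field of a Matrix media event's 'info' block."""
    size = info.get("size")
    if isinstance(size, bool) or not isinstance(size, int) or size <= 0:
        raise MediaRejected("missing or invalid declared size")
    if size > MAX_MEDIA_BYTES:
        raise MediaRejected(f"declared size {size} exceeds {MAX_MEDIA_BYTES}")
    return size

def download_media_bounded(info: dict, body: Iterable[bytes]) -> bytes:
    """Stream the body, aborting as soon as it passes the declared size."""
    expected = declared_size(info)   # pre-download gate; also <= MAX_MEDIA_BYTES
    buf = bytearray()
    for chunk in body:
        buf.extend(chunk)
        if len(buf) > expected:      # stop mid-stream, never after a full read
            raise MediaRejected(f"body exceeded declared {expected} bytes")
    if len(buf) != expected:
        raise MediaRejected("body shorter than declared size")
    return bytes(buf)

class FakeBody:
    """Constructed stand-in for a streamed response; `sent` counts bytes pushed."""
    def __init__(self, total: int, chunk: int = CHUNK):
        self.total, self.chunk, self.sent = total, chunk, 0
    def __iter__(self):
        while self.sent < self.total:
            n = min(self.chunk, self.total - self.sent)
            self.sent += n
            yield b"\0" * n

def try_download(info: dict, body: FakeBody) -> tuple:
    """Return (accepted, bytes the server had to send) for one media event."""
    try:
        download_media_bounded(info, body)
        return True, body.sent
    except MediaRejected:
        return False, body.sent
```

An event with no usable `size` is refused with zero bytes fetched, and an oversized body is cut off after the first chunk that passes the declared size.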

Status: PUBLISHED | Reserved 2026-05-27 | Published 2026-06-01 | Updated 2026-06-01 | Assigner VulnCheck

MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

Allocation of Resources Without Limits or Throttling

Product status

Default status
affected

Any version before 0.2.1
affected

Credits

Chia Min Jun Lennon (finder)

References

github.com/HKUDS/nanobot/releases/tag/v0.2.1 release-notes

github.com/HKUDS/nanobot/pull/4106 issue-tracking

github.com/...ommit/1d4000560dfff1acb83f5c5ca8ef3ab1f092bd14 patch

www.vulncheck.com/...rvice-via-matrix-media-download-handler third-party-advisory

cve.org (CVE-2026-49140)

nvd.nist.gov (CVE-2026-49140)
