Description
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (using matrix-tools container before 0.5.7) is using an insecure Matrix server key generation method, allowing network attackers to potentially recreate the same key pair, allowing them to impersonate the victim server. The secret is generated by the secrets initialization hook, in the ESS Community Helm Chart values, if both initSecrets.enabled is not set to false and synapse.signingKey is not defined. Given a server key in Matrix authenticates both requests originating from and events constructed on a given server, this potentially impacts confidentiality, integrity and availability of rooms which have a vulnerable server present as a member. The confidentiality of past conversations in end-to-end encrypted rooms is not impacted. The key generation issue was fixed in matrix-tools 0.5.7, released as part of ESS Community Helm Chart 25.12.1.
Published: 2026-02-12
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Impersonation of Matrix Server
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from an insecure server key generation method in the ESS Community Helm Chart's secrets initialization hook, allowing network attackers to recreate the same key pair and impersonate the Matrix server. This could enable attackers to generate events and authenticate requests as the server, potentially compromising the confidentiality, integrity, and availability of rooms that include the vulnerable server as a member. The confidentiality of past conversations in end‑to‑end encrypted rooms is explicitly stated to remain unaffected.

Affected Systems

Element Server Suite Community Edition deploying Matrix via the ESS Community Helm Chart is affected. Versions of the helm chart prior to 25.12.1, which bundle matrix-tools prior to version 0.5.7, generate the key insecurely if initSecrets.enabled is not disabled and synapse.signingKey is not predefined. Stakeholders using matrix-tools prior to 0.5.7 in this context are at risk.

Risk and Exploitability

The CVSS score of 9.2 classifies this as a high‑severity vulnerability, and the EPSS score of less than 1% indicates a very low but nonzero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a network attacker targeting the Kubernetes environment hosting the ESS Community Helm Chart, exploiting the insecure key generation to impersonate the server. Exploitation requires network reach to the cluster or the ability to influence the initialization process of the secrets hook.

Generated by OpenCVE AI on April 17, 2026 at 20:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to ESS Community Helm Chart 25.12.1 or later, which incorporates matrix-tools 0.5.7 and corrects the key generation flaw.
  • If an upgrade cannot occur immediately, set initSecrets.enabled to false or explicitly define synapse.signingKey in the Helm values to prevent the automatic creation of an insecure key.
  • Limit network access to the Kubernetes cluster to trusted sources to reduce the opportunity for attackers to exploit the vulnerable key generation process.

Generated by OpenCVE AI on April 17, 2026 at 20:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Element-hq
Element-hq ess-helm
Element-hq matrix-tools
Vendors & Products Element-hq
Element-hq ess-helm
Element-hq matrix-tools

Thu, 12 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
Description Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (using matrix-tools container before 0.5.7) is using an insecure Matrix server key generation method, allowing network attackers to potentially recreate the same key pair, allowing them to impersonate the victim server. The secret is generated by the secrets initialization hook, in the ESS Community Helm Chart values, if both initSecrets.enabled is not set to false and synapse.signingKey is not defined. Given a server key in Matrix authenticates both requests originating from and events constructed on a given server, this potentially impacts confidentiality, integrity and availability of rooms which have a vulnerable server present as a member. The confidentiality of past conversations in end-to-end encrypted rooms is not impacted. The key generation issue was fixed in matrix-tools 0.5.7, released as part of ESS Community Helm Chart 25.12.1.
Title ESS Community Helm Chart has a weak server key generation method
Weaknesses CWE-336
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Element-hq Ess-helm Matrix-tools
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-12T20:05:49.862Z

Reserved: 2026-01-20T22:30:11.777Z

Link: CVE-2026-24044

cve-icon Vulnrichment

Updated: 2026-02-12T20:05:46.282Z

cve-icon NVD

Status : Deferred

Published: 2026-02-12T20:16:09.237

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24044

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:15:26Z

Weaknesses