Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
"https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2026-845.yaml"