Nheko · Nheko · CVE-2022-39264
**Name of the Vulnerable Software and Affected Versions**
nheko versions prior to 0.10.2
**Description**
nheko is a desktop client for the Matrix communication application. The issue allows homeservers to insert malicious secrets, which could lead to man-in-the-middle attacks.
**Recommendations**
For versions prior to 0.10.2, upgrade to version 0.10.2 to protect against this issue.
As a temporary workaround, consider applying the patch manually.
Avoid doing verifications of one's own devices until the issue is resolved.
Restrict access to the request button in the settings menu to minimize the risk of exploitation.