AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-51749: Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.8

lowvulnerability

security

Source: NVD/CVE DatabaseNovember 12, 2024CVE-2024-51749

Summary

Element is a messaging app web client that had a bug in versions before 1.11.85 where it didn't properly validate thumbnails (small preview images) for attachments, stickers, and images. This allowed attackers to add fake thumbnails that would trigger unwanted file downloads when users clicked on them.

Solution / Mitigation

Update Element Web and Desktop to version 1.11.85 or later. The fix is confirmed in element-web 1.11.85.

Vulnerability Details

CVSS Score

3.5(low)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-451

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-51749

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%