Hidden feature in Signal? Not for attackers!

An attacker with no admin privileges can delete any message in a group!

GHSL-2026-095: Unauthorized message deletion in Signal for iOS

Signal for iOS v8.2 is affected by a vulnerability where an attacker can exploit an improper authorization check within the Admin Delete message handler, leading to unauthorized message deletion.

GitHub Security Lab

GHSL-2026-082: Unauthorized message deletion in Signal for Android

Signal for Android versions >= v8.1.0 and < v8.3.0 are affected by a vulnerability where an attacker can exploit improperly validated group context within the Admin Delete message handler, leading to unauthorized message deletion.

GitHub Security Lab
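
The two summaries above name two separate receive-side checks: whether the sender is authorized to admin-delete, and whether the group context of the request is validated against the target message. The sketch below is an added example, not code from Signal or from the advisories. It models a handler that enforces both checks; every class, field and function name is hypothetical, the sample data is constructed, and it makes no claim about the actual root cause in either client.

```python
# Hypothetical model of a receive-side "admin delete" handler; none of these
# names come from Signal's code base.
from dataclasses import dataclass, field


@dataclass
class Group:
    group_id: str
    admins: set = field(default_factory=set)
    members: set = field(default_factory=set)


@dataclass
class Message:
    message_id: str
    group_id: str   # conversation the message is actually stored in
    author: str


class Store:
    def __init__(self, groups, messages):
        self.groups = {g.group_id: g for g in groups}
        self.messages = {m.message_id: m for m in messages}

    def handle_admin_delete(self, sender, claimed_group_id, target_id):
        """Apply an admin delete only if every check passes; return a reason string."""
        group = self.groups.get(claimed_group_id)
        target = self.messages.get(target_id)
        if group is None or target is None:
            return "rejected: unknown group or message"
        # Check 1: authorization comes from local group state, never from the request.
        if sender not in group.members or sender not in group.admins:
            return "rejected: sender is not an admin of this group"
        # Check 2: the target must live in the same group the sender administers.
        if target.group_id != group.group_id:
            return "rejected: message belongs to a different group"
        del self.messages[target_id]
        return "deleted"


def demo_store():
    # Constructed sample data.
    g1 = Group("g1", admins={"alice"}, members={"alice", "bob"})
    g2 = Group("g2", admins={"mallory"}, members={"mallory", "bob"})
    msgs = [Message("m1", "g1", "bob"), Message("m2", "g1", "alice")]
    return Store([g1, g2], msgs)
```

A regression test for a handler like this should cover a non-admin member, an admin of an unrelated group, and the legitimate admin, and should assert that rejected requests leave the message store unchanged.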