1.11.26 fixes 2 CVEs: <https://github.com/vector-im/element-desktop/releases/tag/v1.11.26>
See also: <https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0>
> Although we have only demonstrated a denial-of-service-style impact, we cannot
> completely rule out the possibility of a more severe impact due to the
> relatively extensive attack surface. We have therefore classified this as High
> severity and strongly recommend upgrading as a precautionary measure.
fixed in 04863433b36f012d01c712ea86b784c01734bdf9 (bumped to to 1.11.29)
Both prototype pollution vulnerabilities in bundled Matrix libraries. All done, thanks!