diff --git a/.changeset/security_remove_metadata_leak_in_message_forwarding.md b/.changeset/security_remove_metadata_leak_in_message_forwarding.md
new file mode 100644
index 000000000..46b6546fe
--- /dev/null
+++ b/.changeset/security_remove_metadata_leak_in_message_forwarding.md
@@ -0,0 +1,5 @@
+---
+sable: patch
+---
+
+fix message forwarding metadata leak when forwarding from private rooms [see issue 190](https://github.com/SableClient/Sable/issues/190)
diff --git a/src/app/components/message/modals/MessageForward.tsx b/src/app/components/message/modals/MessageForward.tsx
index c3d7463aa..d3c04d43a 100644
--- a/src/app/components/message/modals/MessageForward.tsx
+++ b/src/app/components/message/modals/MessageForward.tsx
@@ -214,6 +214,8 @@ export function MessageForwardInternal({ room, mEvent, onClose }: MessageForward
 // we can still include the original message content in the body of the message, so we'll just use a fallback text/plain content with the original message body
 content = {
 ...mEvent.getContent(),
+ 'm.relates_to': null, // remove any relations to avoid confusion in the target room
+ 'm.mentions': null, // remove mentions to avoid leaking information about users in the original room
 ...forwardedTextContent,
 'moe.sable.message.forward': {
 v: 1,
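Review bot: The two added keys in MessageForward.tsx are set to `null` rather than left out, so the forwarded event still carries `m.relates_to` and `m.mentions` properties, and receiving clients that expect an object there have to cope with `null`. Dropping the relation key and sending an empty mentions object would be cleaner: `const { 'm.relates_to': _rel, 'm.mentions': _mentions, ...rest } = mEvent.getContent();` and then `...rest, 'm.mentions': {},` in place of `...mEvent.getContent(),`. The fix is also a denylist over a spread of the whole original content, so any other key of the source event is still copied into the target room (possibly including `formatted_body` with its mention links, unless `forwardedTextContent` overrides it); an allowlist of the fields meant to be forwarded would close the leak more reliably. `forwardedTextContent` is defined outside the hunk, and both the object literal and MessageForwardInternal continue past it, so what it overrides should be confirmed there.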