diff --git a/changelog.d/15438.misc b/changelog.d/15438.misc
new file mode 100644
index 000000000..1edcbac7e
--- /dev/null
+++ b/changelog.d/15438.misc
@@ -0,0 +1 @@
+Disable directory listing for static resources in `/_matrix/static/`.
\ No newline at end of file
diff --git a/synapse/http/server.py b/synapse/http/server.py
index 7b760505b..101dc2e74 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -46,6 +46,13 @@ from twisted.internet import defer, interfaces
 from twisted.internet.defer import CancelledError
 from twisted.python import failure
 from twisted.web import resource
+
+try:
+    from twisted.web.pages import notFound
+except ImportError:
+    from twisted.web.resource import NoResource as notFound  # type: ignore[assignment]
+
+from twisted.web.resource import IResource
 from twisted.web.server import NOT_DONE_YET, Request
 from twisted.web.static import File
 from twisted.web.util import redirectTo
@@ -569,6 +576,9 @@ class StaticResource(File):
         set_clickjacking_protection_headers(request)
         return super().render_GET(request)
 
+    def directoryListing(self) -> IResource:
+        return notFound()
+
 
 class UnrecognizedRequestResource(resource.Resource):
     """