CVE-2026-45078 | THREATINT

Description

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.

PUBLISHED Reserved 2026-05-08 | Published 2026-05-28 | Updated 2026-05-29 | Assigner GitHub_M

MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

< 1.152.1

affected

References

github.com/...ynapse/security/advisories/GHSA-8q93-326v-3m7g

cve.org (CVE-2026-45078)

nvd.nist.gov (CVE-2026-45078)

Download JSON