CVE-2026-45076— Synapse pagination denial of service
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| element-hq | synapse | < 1.152.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45076
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Synapse pagination denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
synapse 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
synapse是Element开源的一个矩阵主服务器。 synapse 1.152.1之前版本存在输入验证错误漏洞,该漏洞源于恶意服务器可构造房间事件阻止完整历史记录提供给分页客户端。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| element-hq | synapse | < 1.152.1 | - |
II. Public POCs for CVE-2026-45076
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45076
请登录查看更多情报信息。
Other References for CVE-2026-45076 (1)
IV. Related Vulnerabilities
Same product: synapse
- CVE-2026-45078
Synapse CPU starvation (Denial of Service) - CVE-2025-61672
Synapse: Invalid device keys degrade federation functionalit - CVE-2025-30355
Synapse vulnerable to federation denial of service via malfo - CVE-2024-37303
Synapse unauthenticated writes to the media repository allow - CVE-2024-37302
Synapse denial of service through media disk space consumpti
Same vendor: element-hq
- CVE-2026-45078
Synapse CPU starvation (Denial of Service) - CVE-2026-24044
ESS Community Helm Chart has a weak server key generation me - CVE-2025-62425
Matrix Authentication Service account password can be change - CVE-2025-61672
Synapse: Invalid device keys degrade federation functionalit - CVE-2025-59161
In Element Web and Element Desktop, a malicious room can hid
Same weakness: CWE-20
- CVE-2026-45352
cpp-httplib DoS: Negative chunk-size in chunked Transfer-Enc - CVE-2026-44518
liboqs: XMSS Buffer Overread Bug - CVE-2026-45628
Dokploy: Command Injection via Unescaped Branch Fields in De - CVE-2026-45615
mouse07410/asn1c: 1-byte Heap Out-of-Bounds Read in `INTEGER - CVE-2026-10021
Google Chrome 输入验证错误漏洞
V. Comments for CVE-2026-45076
No comments yet