CVE-2026-45076
published 2026-05-28CVE-2026-45076: Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way…
medium5.1CVSS 4.0
AVNACLATNPRHUINVCNVINVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | matrix-synapse | >= 0 < 1.152.1 | 1.152.1 |
| element-hq | synapse | < 1.152.1 | 1.152.1 |