CVE-2026-45076

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1

Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room history.

Recommendations Update to version 1.152.1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-45076

GHSA-6QF2-7X63-MM6V

OPENSUSE-SU-2026:10898-1

PYSEC-2026-194

Affected Products

Synapse

CVE-2026-45076

Weakness Enumeration

Related Identifiers

Affected Products

References · 16