PT-2026-4925 · Unknown · Syncbreeze
Ahmed Elkhressy · Published 2026-01-27 · Updated 2026-01-27 · CVE-2020-36946
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SyncBreeze version 10.0.28
Description
SyncBreeze version 10.0.28 contains a denial of service issue in the 'login' endpoint. Remote attackers can send an oversized payload in a login request to overwhelm the application, potentially disrupting service availability. The vulnerable endpoint is /login; an oversized payload sent to it can cause the service to crash.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider limiting the size of the payload allowed in the 'login' endpoint.
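One way to apply the temporary workaround, as an added example that is not part of the advisory or the vendor's fix: a size screen that a filter in front of the application runs on each buffered request before forwarding it. The function name, the byte limits and the choice to require a fixed Content-Length on POST are assumptions.

```python
# Added example: size screen for requests to /login, run by a filter
# placed in front of the application. Limits are assumed values.
MAX_HEAD = 8192   # assumed cap on request line + headers, in bytes
MAX_BODY = 4096   # assumed cap on the login body, in bytes
GUARDED = {"/login"}


def screen(raw: bytes, max_head: int = MAX_HEAD, max_body: int = MAX_BODY):
    """Return (status, reason); 200 means forward, else reject with status."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return 400, "incomplete header block"
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return 400, "malformed request line"
    method, target, _ = parts
    if target.split("?", 1)[0] not in GUARDED:
        return 200, "path not guarded"
    if len(head) > max_head:
        return 431, "header block too large"
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            return 400, "malformed header line"
        headers.setdefault(name.strip().lower(), set()).add(value.strip())
    if "transfer-encoding" in headers:
        return 411, "body without a fixed length"
    lengths = headers.get("content-length", set())
    # Reject conflicting or non-numeric lengths instead of guessing.
    if len(lengths) > 1 or any(not v.isdecimal() for v in lengths):
        return 400, "bad Content-Length"
    if method == "POST" and not lengths:
        return 411, "Content-Length required"
    declared = int(next(iter(lengths))) if lengths else 0
    if declared > max_body:
        return 413, "declared body too large"
    if len(body) > declared:
        return 400, "body longer than declared"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed requests, not captured traffic.
    ok = b"POST /login HTTP/1.1\r\nHost: x\r\nContent-Length: 3\r\n\r\na=b"
    big = b"POST /login HTTP/1.1\r\nHost: x\r\nContent-Length: 100000\r\n\r\n"
    print(screen(ok), screen(big))
```

The check rejects on the declared length before any body is read, so the filter itself never has to buffer more than the caps allow.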
Exploit
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Syncbreeze