CVE-2026-45076

Severity CVSS v4.0:
MEDIUM
Type:
CWE-20 Input Validation
Publication date:
28/05/2026
Last modified:
04/06/2026

Description

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:element:synapse:*:*:*:*:*:*:*:* 1.152.1 (excluding)