CVE-2026-45078 is a medium-severity denial-of-service vulnerability in Synapse, the open-source Matrix homeserver implementation maintained by Element. Published on 2026-05-28, this vulnerability allows local authenticated users to trigger CPU resource exhaustion, causing other requests to fail and denying service to other users. The attack vector is local (AV:L) with low attack complexity (AC:L) and low [truncated]
CVE-2026-45076 is a medium-severity vulnerability in Synapse, an open-source Matrix homeserver implementation. The issue, published on 2026-05-28, affects versions prior to 1.152.1. In federated rooms, malicious homeservers can craft room events that prevent Synapse from providing complete history to paginating clients, potentially causing clients to fail to display room history. The vulnerability is clas [truncated]
