Bug 2482770 (CVE-2026-45078)
| Summary: | CVE-2026-45078 synapse: Synapse: Denial of Service due to resource exhaustion by authenticated users | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Synapse, an open source Matrix homeserver implementation. Local authenticated users can exploit this vulnerability to consume excessive CPU resources, causing the server to become unresponsive and denying service to other users. This can lead to a complete Denial of Service (DoS) for legitimate users of the homeserver.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2489275, 2489274 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-05-28 17:01:53 UTC
|