Is matrix-synapse affected by CVE-2026-45078?

PyPI matrix-synapse is affected in <1.152.1.

Is CVE-2026-45078 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.1%.

← All vulnerabilities

MEDIUMSupply chain

CVE-2026-45078

Q: Is CVE-2026-45078 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.1%.

PyPI · matrix-synapse

Summary

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.

References

https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g

Related vulnerabilities

All Supply chain →

HIGHCVE-2026-52801
Gogs has the ability to import local repositories via Mirror Settings
HIGHCVE-2026-52800
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
HIGHCVE-2026-52799
Gogs Missing Authorization in Attachment Download
HIGHCVE-2026-52798
Gogs has Stored XSS in `.ipynb` Preview
MEDIUMCVE-2026-50179
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
HIGHCVE-2026-54353
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation