CVE-2026-45078
Publication date 28 May 2026
Last updated 6 June 2026
Ubuntu priority
Description
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| matrix-synapse | 26.04 LTS resolute | Not in release |
| 25.10 questing | Not in release | |
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |