Low severity2.7GHSA Advisory· Published May 28, 2026· Updated Jun 4, 2026
CVE-2026-45076
CVE-2026-45076
Description
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
matrix-synapsePyPI | < 1.152.1 | 1.152.1 |
Affected products
4- Range: < 1.152.1
- osv-coords3 versionspkg:apk/chainguard/synapsepkg:pypi/matrix-synapsepkg:rpm/opensuse/matrix-synapse&distro=openSUSE%20Tumbleweed
< 1.153.0-r0+ 2 more
- (no CPE)range: < 1.153.0-r0
- (no CPE)range: < 1.152.1
- (no CPE)range: < 1.153.0-2.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.