Element-hq Synapse

11 CVEs affecting Element-hq Synapse. Latest disclosed: 2026-05-28. Critical: 0, High: 2.

Top CVEs affecting Element-hq Synapse
CVE	Severity	Score	Published	Summary
`CVE-2024-37302`	High	`7.5`	2024-12-03	Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce…
`CVE-2025-30355`	High	`7.1`	2025-03-27	Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 fro…
`CVE-2024-31208`	Medium	`6.5`	2024-04-23	Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch spe…
`CVE-2026-45078`	Medium	`5.5`	2026-05-28	Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and l…
`CVE-2024-37303`	Medium	`5.3`	2024-12-03	Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and cach…
`CVE-2024-53867`	Medium	`4.3`	2024-12-03	Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to…
`CVE-2026-45076`	Low	`2.7`	2026-05-28	Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way tha…
`CVE-2025-61672`			2025-10-08	Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attack…
`CVE-2024-52805`			2024-12-03	Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory…
`CVE-2024-52815`			2024-12-03	Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability all…
`CVE-2024-53863`			2024-12-03	Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted reque…