SyncBreeze Denial-of-Service Vulnerability in Login Endpoint

Vulnerability

A denial-of-service vulnerability has been identified in SyncBreeze version 10.0.28. The issue resides in the login endpoint, where remote attackers can send oversized payloads in the login request. The oversized request overwhelms the application, causing it to crash and making the service unavailable.

Impact

Exploitation of this vulnerability leads to a crash of the SyncBreeze service, causing a disruption in file synchronization operations.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/login' endpoint with an oversized payload in the 'username' or 'password' fields. This can be done using a network socket connection.
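
A defensive check for the request shape described above, as an added example that is not part of the original advisory or of SyncBreeze itself: it inspects a captured HTTP request and flags a POST to '/login' whose declared length, body or 'username'/'password' fields exceed a size limit. The limits, the form-encoded body layout and the sample host name are assumptions, since the advisory gives none of them.

```python
from urllib.parse import parse_qsl

# Assumed limits: the advisory gives no sizes, so tune these per deployment.
MAX_FIELD_LEN = 256   # longest plausible username/password value
MAX_BODY_LEN = 1024   # longest plausible login form body
WATCHED_FIELDS = {"username", "password"}  # fields named in the advisory


def build_sample(username, password="secret", declared=None):
    """Constructed capture of a login POST, used only to exercise the check."""
    body = f"username={username}&password={password}".encode()
    length = len(body) if declared is None else declared
    head = ("POST /login HTTP/1.1\r\nHost: syncbreeze.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {length}\r\n\r\n")
    return head.encode() + body


def inspect_login_request(raw):
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        return ["malformed request line"]
    path = parts[1].split("?", 1)[0]
    if parts[0].upper() != "POST" or path != "/login":
        return []
    findings = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        v = value.strip()
        # The declared length matters even if the capture truncated the body.
        if sep and name.strip().lower() == "content-length":
            if v.isdecimal() and int(v) > MAX_BODY_LEN:
                findings.append(f"content-length {v} exceeds {MAX_BODY_LEN}")
    if len(body) > MAX_BODY_LEN:
        findings.append(f"body of {len(body)} bytes exceeds {MAX_BODY_LEN}")
    for key, val in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        if key in WATCHED_FIELDS and len(val) > MAX_FIELD_LEN:
            findings.append(f"{key} field is {len(val)} chars, limit {MAX_FIELD_LEN}")
    return findings


if __name__ == "__main__":
    for name in ("admin", "x" * (MAX_FIELD_LEN + 1)):
        print(len(name), inspect_login_request(build_sample(name)))
```

The same limits can be enforced in a reverse proxy or WAF rule in front of the service, so that requests flagged here are rejected before they reach the login handler.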

Added: Jan 27, 2026, 4:51 PM
Updated: Jan 27, 2026, 10:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.