Matrix Synapse CPU Starvation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Matrix Synapse versions prior to 1.152.1. This issue allows local authenticated users to consume excessive CPU resources, causing other requests to fail and denying service to other users. Homeservers that trust all local users are not vulnerable.

Impact

Exploitation of this vulnerability leads to CPU starvation, causing requests to fail and denying service to other users.

Remediation

Homeserver administrators can update to Synapse version 1.152.1 or later to address this vulnerability. If Synapse is behind a reverse proxy, the proxy can be configured to limit user request rates, which mitigates the attack.
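
One way to apply the reverse-proxy mitigation, shown with nginx as an added example (not part of the original advisory or of the Synapse project's own configuration). The hostname, certificate paths, upstream address, zone names and rate values are assumptions, and because the advisory does not name the affected endpoint, the limit covers the whole client API.

```nginx
# Added example. Everything below that is site-specific is a placeholder.
# These two directives belong in the http {} context.

# Per-user budget: key on the Authorization header (the access token), so one
# authenticated account cannot use up the allowance of others who share its
# IP address. Requests with no Authorization header have an empty key, and
# nginx does not count empty keys against a zone.
limit_req_zone $http_authorization  zone=synapse_per_token:10m rate=20r/s;

# Per-address backstop for requests that carry no token, or many tokens.
limit_req_zone $binary_remote_addr  zone=synapse_per_ip:10m    rate=50r/s;

server {
    listen 443 ssl;
    server_name matrix.example.org;                          # placeholder
    ssl_certificate     /etc/ssl/placeholder/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/ssl/placeholder/privkey.pem;    # placeholder

    # Client-server API: the traffic that local authenticated users generate.
    location /_matrix/client/ {
        limit_req zone=synapse_per_token burst=40  nodelay;
        limit_req zone=synapse_per_ip    burst=100 nodelay;
        limit_req_status 429;             # reject with "Too Many Requests"

        proxy_pass http://127.0.0.1:8008; # assumed Synapse listener
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Remaining Matrix paths are proxied without these limits.
    location /_matrix/ {
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Keying on the header limits each access token rather than each account, so an account holding several tokens gets several budgets; the per-address zone is the backstop for that case. Rejected requests appear in the nginx error log as "limiting requests" entries, which is the place to check whether the chosen rates are too tight for normal clients.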

Added: May 28, 2026, 6:07 PM
Updated: May 28, 2026, 6:07 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 5.4
remediation: 7.9
relevance: 9.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.