{"id":"PYSEC-2026-191","details":"Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.","aliases":["CVE-2026-45078","GHSA-8q93-326v-3m7g"],"modified":"2026-06-03T12:45:18.070288002Z","published":"2026-05-28T17:16:31.750Z","references":[{"type":"ADVISORY","url":"https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g"}],"affected":[{"package":{"name":"matrix-synapse","ecosystem":"PyPI","purl":"pkg:pypi/matrix-synapse"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.152.1"}]}],"versions":["0.33.5","0.33.5.1","0.33.6","0.33.6rc1","0.33.7","0.33.7rc1","0.33.7rc2","0.33.8","0.33.8rc2","0.33.9","0.34.0","0.34.0.1","0.34.0rc1","0.34.0rc2","0.34.1.1","0.99.0","0.99.0rc1","0.99.0rc2","0.99.0rc3","0.99.0rc4","0.99.1","0.99.1.1","0.99.1rc1","0.99.1rc2","0.99.2","0.99.2rc1","0.99.3","0.99.3.1","0.99.3.2","0.99.3rc1","0.99.4","0.99.4rc1","0.99.5","0.99.5.1","0.99.5.2","0.99.5rc1","1.0.0","1.0.0rc1","1.0.0rc2","1.0.0rc3","1.1.0","1.1.0rc1","1.1.0rc2","1.10.0","1.10.0rc1","1.10.0rc2","1.10.0rc3","1.10.0rc5","1.10.1","1.100.0","1.100.0rc2","1.100.0rc3","1.101.0","1.101.0rc1","1.102.0","1.102.0rc1","1.103.0","1.103.0rc1","1.104.0","1.104.0rc1","1.105.0","1.105.0rc1","1.105.1","1.106.0","1.106.0rc1","1.107.0","1.107.0rc1","1.108.0","1.108.0rc1","1.109.0","1.109.0rc1","1.109.0rc2","1.109.0rc3","1.11.0","1.11.0rc1","1.11.1","1.110.0","1.110.0rc2","1.110.0rc3","1.111.0","1.111.0rc1","1.111.0rc2","1.111.1","1.112.0","1.112.0rc1","1.113.0","1.113.0rc1","1.114.0","1.114.0rc1","1.114.0rc3","1.115.0","1.115.0rc1","1.115.0rc2","1.116.0","1.116.0rc1","1.116.0rc2","1.117.0","1.117.0rc1","1.118.0","1.118.0rc1","1.119.0","1.119.0rc2","1.12.0","1.12.0rc1","1.12.1","1.12.1rc1","1.12.2","1.12.3","1.12.4","1.12.4rc1","1.120.0","1.120.0rc1","1.120.2","1.121.0","1.121.0rc1","1.121.1","1.122.0","1.122.0rc1","1.123.0","1.123.0rc1","1.124.0","1.124.0rc1","1.124.0rc2","1.124.0rc3","1.125.0","1.125.0rc1","1.126.0","1.126.0rc2","1.126.0rc3","1.127.0","1.127.0rc1","1.127.1","1.128.0","1.128.0rc1","1.129.0","1.129.0rc2","1.13.0","1.13.0rc1","1.13.0rc2","1.13.0rc3","1.130.0","1.130.0rc1","1.131.0","1.131.0rc1","1.132.0","1.132.0rc1","1.133.0","1.133.0rc1","1.134.0","1.134.0rc1","1.135.0","1.135.0rc1","1.135.0rc2","1.135.2","1.136.0","1.136.0rc1","1.136.0rc2","1.137.0","1.137.0rc1","1.138.0","1.138.0rc1","1.138.2","1.138.3","1.138.4","1.139.0","1.139.0rc2","1.139.0rc3","1.139.1","1.139.2","1.14.0","1.14.0rc1","1.14.0rc2","1.140.0","1.140.0rc1","1.141.0","1.141.0rc1","1.141.0rc2","1.142.0","1.142.0rc3","1.142.0rc4","1.142.1","1.143.0","1.143.0rc2","1.144.0","1.144.0rc1","1.145.0","1.145.0rc1","1.145.0rc2","1.145.0rc3","1.145.0rc4","1.146.0","1.146.0rc1","1.147.0","1.147.0rc1","1.147.1","1.148.0","1.148.0rc1","1.149.0","1.149.0rc1","1.149.1","1.15.0","1.15.0rc1","1.15.1","1.15.2","1.150.0","1.150.0rc1","1.151.0","1.151.0rc1","1.152.0","1.152.0rc1","1.16.0","1.16.0rc1","1.16.0rc2","1.16.1","1.17.0","1.17.0rc1","1.18.0","1.18.0rc1","1.18.0rc2","1.19.0","1.19.0rc1","1.19.1","1.19.1rc1","1.19.2","1.19.3","1.2.0","1.2.0rc1","1.2.0rc2","1.2.1","1.20.0","1.20.0rc1","1.20.0rc2","1.20.0rc3","1.20.0rc4","1.20.0rc5","1.20.1","1.21.0","1.21.0rc1","1.21.0rc2","1.21.0rc3","1.21.1","1.21.2","1.22.0","1.22.0rc1","1.22.0rc2","1.22.1","1.23.0","1.23.0rc1","1.23.1","1.24.0","1.24.0rc1","1.24.0rc2","1.25.0","1.25.0rc1","1.26.0","1.26.0rc1","1.26.0rc2","1.27.0","1.27.0rc1","1.27.0rc2","1.28.0","1.28.0rc1","1.29.0","1.29.0rc1","1.3.0","1.3.0rc1","1.3.1","1.30.0","1.30.0rc1","1.30.1","1.31.0","1.31.0rc1","1.32.0","1.32.0rc1","1.32.1","1.32.2","1.33.0","1.33.0rc1","1.33.0rc2","1.33.1","1.33.2","1.34.0","1.34.0rc1","1.35.0","1.35.0rc1","1.35.0rc2","1.35.0rc3","1.35.1","1.36.0","1.36.0rc1","1.36.0rc2","1.37.0","1.37.0rc1","1.37.1","1.37.1rc1","1.38.0","1.38.0rc1","1.38.0rc2","1.38.0rc3","1.38.1","1.39.0","1.39.0rc1","1.39.0rc2","1.39.0rc3","1.4.0","1.4.0rc1","1.4.0rc2","1.4.1","1.4.1rc1","1.40.0","1.40.0rc1","1.40.0rc2","1.40.0rc3","1.41.0","1.41.0rc1","1.41.1","1.42.0","1.42.0rc1","1.42.0rc2","1.43.0","1.43.0rc1","1.43.0rc2","1.44.0","1.44.0rc1","1.44.0rc2","1.44.0rc3","1.45.0","1.45.0rc1","1.45.0rc2","1.45.1","1.46.0","1.46.0rc1","1.47.0","1.47.0rc1","1.47.0rc2","1.47.0rc3","1.47.1","1.48.0","1.48.0rc1","1.49.0","1.49.0rc1","1.49.2","1.5.0","1.5.0rc1","1.5.0rc2","1.5.1","1.50.0","1.50.0rc1","1.50.0rc2","1.50.1","1.50.2","1.51.0","1.51.0rc1","1.51.0rc2","1.52.0","1.52.0rc1","1.53.0","1.53.0rc1","1.54.0","1.54.0rc1","1.55.0","1.55.0rc1","1.55.1","1.55.2","1.56.0","1.56.0rc1","1.57.0","1.57.0rc1","1.57.1","1.58.0","1.58.0rc2","1.58.1","1.59.0","1.59.0rc1","1.59.0rc2","1.59.1","1.6.0","1.6.0rc1","1.6.0rc2","1.6.1","1.60.0","1.60.0rc1","1.60.0rc2","1.61.0","1.61.0rc1","1.61.1","1.62.0","1.62.0rc1","1.62.0rc2","1.62.0rc3","1.63.0","1.63.0rc1","1.63.1","1.64.0","1.64.0rc1","1.64.0rc2","1.65.0","1.65.0rc1","1.65.0rc2","1.66.0","1.66.0rc1","1.66.0rc2","1.67.0","1.67.0rc1","1.68.0","1.68.0rc1","1.68.0rc2","1.69.0","1.69.0rc1","1.69.0rc2","1.69.0rc4","1.7.0","1.7.0rc1","1.7.0rc2","1.7.1","1.7.2","1.7.3","1.70.0","1.70.0rc1","1.70.0rc2","1.70.1","1.71.0","1.71.0rc1","1.71.0rc2","1.72.0","1.72.0rc1","1.73.0","1.73.0rc2","1.74.0","1.74.0rc1","1.75.0","1.75.0rc1","1.75.0rc2","1.76.0","1.76.0rc1","1.76.0rc2","1.77.0","1.77.0rc1","1.77.0rc2","1.78.0","1.78.0rc1","1.79.0","1.79.0rc1","1.79.0rc2","1.8.0","1.8.0rc1","1.80.0","1.80.0rc1","1.80.0rc2","1.81.0","1.81.0rc1","1.81.0rc2","1.82.0","1.82.0rc1","1.83.0","1.83.0rc1","1.84.0","1.84.0rc1","1.84.1","1.85.0","1.85.0rc1","1.85.0rc2","1.85.1","1.85.2","1.86.0","1.86.0rc2","1.87.0","1.87.0rc1","1.88.0","1.88.0rc1","1.89.0","1.89.0rc1","1.9.0","1.9.0.dev1","1.9.0.dev2","1.9.0rc1","1.9.1","1.90.0","1.90.0rc1","1.91.0","1.91.0rc1","1.91.1","1.91.2","1.92.0rc1","1.92.1","1.92.2","1.92.3","1.93.0","1.93.0rc1","1.94.0","1.94.0rc1","1.95.0","1.95.0rc1","1.95.1","1.96.0rc1","1.96.1","1.97.0","1.97.0rc1","1.98.0","1.98.0rc1","1.99.0","1.99.0rc1"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2026-191.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}