Nixpkgs security tracker

Untriaged

Permalink CVE-2026-45076

5.1 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

created 3 days, 4 hours ago Activity log

Created suggestion 3 days, 4 hours ago

Synapse pagination denial of service

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.

References

https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v x_refsource_CONFIRM

Affected products

synapse

==< 1.152.1

Matching in nixpkgs

pkgs.synapse

Semantic launcher to start applications and find relevant files

nixos-unstable 0.2.99.4
- nixpkgs-unstable 0.2.99.4
- nixos-unstable-small 0.2.99.4
nixos-25.11 0.2.99.4
- nixos-25.11-small 0.2.99.4
- nixpkgs-25.11-darwin 0.2.99.4

pkgs.synapse-bt

Flexible and fast BitTorrent daemon

nixos-unstable 2023-02-16
- nixpkgs-unstable 2023-02-16
- nixos-unstable-small 2023-02-16
nixos-25.11 2023-02-16
- nixos-25.11-small 2023-02-16
- nixpkgs-25.11-darwin 2023-02-16

pkgs.synapse-admin

Admin UI for Synapse Homeservers

nixos-unstable 0.11.1
- nixpkgs-unstable 0.11.1
- nixos-unstable-small 0.11.1
nixos-25.11 0.11.1
- nixos-25.11-small 0.11.1
- nixpkgs-25.11-darwin 0.11.1

pkgs.matrix-synapse

Matrix reference homeserver

nixos-unstable 1.152.1
- nixpkgs-unstable 1.152.1
- nixos-unstable-small 1.152.1
nixos-25.11 1.152.1
- nixos-25.11-small 1.152.1
- nixpkgs-25.11-darwin 1.152.1

pkgs.synapse-admin-etkecc

Maintained fork of the admin console for (Matrix) Synapse homeservers, including additional features

nixos-25.11 0.11.4-etke54
- nixos-25.11-small 0.11.4-etke54
- nixpkgs-25.11-darwin 0.11.4-etke54

pkgs.matrix-synapse-unwrapped

Matrix reference homeserver

nixos-unstable 1.152.1
- nixpkgs-unstable 1.152.1
- nixos-unstable-small 1.152.1
nixos-25.11 1.152.1
- nixos-25.11-small 1.152.1
- nixpkgs-25.11-darwin 1.152.1

pkgs.rust-synapse-compress-state

Tool to compress some state in a Synapse instance's database

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.11 0.1.4
- nixos-25.11-small 0.1.4
- nixpkgs-25.11-darwin 0.1.4

pkgs.python312Packages.azure-mgmt-synapse

Microsoft Azure Synapse Management Client Library

nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python313Packages.azure-mgmt-synapse

Microsoft Azure Synapse Management Client Library

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python314Packages.azure-mgmt-synapse

Microsoft Azure Synapse Management Client Library

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

pkgs.python312Packages.azure-synapse-spark

Microsoft Azure Synapse Spark Client Library

nixos-25.11 0.7.0
- nixos-25.11-small 0.7.0
- nixpkgs-25.11-darwin 0.7.0

pkgs.python313Packages.azure-synapse-spark

Microsoft Azure Synapse Spark Client Library

nixos-unstable 0.7.0
- nixpkgs-unstable 0.7.0
- nixos-unstable-small 0.7.0
nixos-25.11 0.7.0
- nixos-25.11-small 0.7.0
- nixpkgs-25.11-darwin 0.7.0

pkgs.python314Packages.azure-synapse-spark

Microsoft Azure Synapse Spark Client Library

nixos-unstable 0.7.0
- nixpkgs-unstable 0.7.0
- nixos-unstable-small 0.7.0

pkgs.matrix-synapse-plugins.matrix-synapse-pam

PAM auth provider for the Synapse Matrix server

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3
nixos-25.11 0.1.3
- nixos-25.11-small 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.python312Packages.azure-synapse-artifacts

Microsoft Azure Synapse Artifacts Client Library for Python

nixos-25.11 0.21.0
- nixos-25.11-small 0.21.0
- nixpkgs-25.11-darwin 0.21.0

pkgs.python313Packages.azure-synapse-artifacts

Microsoft Azure Synapse Artifacts Client Library for Python

nixos-unstable 0.22.0
- nixpkgs-unstable 0.22.0
- nixos-unstable-small 0.22.0
nixos-25.11 0.21.0
- nixos-25.11-small 0.21.0
- nixpkgs-25.11-darwin 0.21.0

pkgs.python314Packages.azure-synapse-artifacts

Microsoft Azure Synapse Artifacts Client Library for Python

nixos-unstable 0.22.0
- nixpkgs-unstable 0.22.0
- nixos-unstable-small 0.22.0

pkgs.matrix-synapse-plugins.matrix-synapse-ldap3

LDAP3 auth provider for Synapse

nixos-unstable ldap3-0.4.0
- nixpkgs-unstable ldap3-0.4.0
- nixos-unstable-small ldap3-0.4.0
nixos-25.11 ldap3-0.3.0
- nixos-25.11-small ldap3-0.3.0
- nixpkgs-25.11-darwin ldap3-0.3.0