By vendor

Element vulnerabilities

Known CVEs affecting Element products, prioritized by severity, with SEC.co remediation and detection guidance.

2 published vulnerabilities

  • CVE-2026-45078MEDIUM 5.5

    Synapse, an open-source Matrix homeserver, contains a denial-of-service vulnerability affecting versions prior to 1.152.1. An authenticated local user can craft requests that consume excessive CPU resources, starving other legitimate requests and causing service degradation for other users. The attack requires valid credentials and local system access but does not require user interaction.

  • CVE-2026-45076LOW 2.7

    Synapse, an open-source Matrix homeserver implementation used for federated messaging, contains a flaw in how it handles room history in cross-server deployments. Malicious homeservers can craft specially formed room events that cause Synapse instances to withhold historical messages from clients requesting older conversation data. Users may see incomplete chat histories or missing messages when paginating through room archives. This is a low-severity issue because it requires a compromised or malicious federated peer and affects data availability rather than confidentiality or integrity.