CVE-2020-36946

HIGH

SyncBreeze 10.0.28 - DoS

Title source: llm

Description

SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.

Exploits (1)

exploitdb WORKING POC

by Ahmed Elkhressy · pythonwebappswindows

https://www.exploit-db.com/exploits/49291

View Code ZIP pw:eip

References (3)

[Various Sources] http://www.syncbreeze.com

[Third Party Advisory] https://www.vulncheck.com/advisories/syncbreeze-login-denial-of-service

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49291

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 44.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-770

Status published

Products (2)

flexense/syncbreeze 10.0.28

Flexense Ltd./SyncBreeze 10.0.28

Published Jan 27, 2026

Tracked Since Feb 18, 2026