CVE-2020-36946

HIGH

SyncBreeze 10.0.28 - Denial of Service via Oversized Login Payload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36946. PoCs published by Ahmed Elkhressy.

AI-analyzed exploit summary: This exploit sends a malformed HTTP POST request to the SyncBreeze login endpoint with an oversized payload in the Referer header, causing a denial of service. The payload consists of 1000 'A' characters, which likely triggers a buffer overflow.

Description

SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.

Exploits (1)

exploitdb WORKING POC
by Ahmed Elkhressy · python · webapps · windows
https://www.exploit-db.com/exploits/49291


Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: SyncBreeze 10.0.28
No auth needed
Prerequisites: Network access to the target · SyncBreeze service running on port 80
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Various Sources product
http://www.syncbreeze.com
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49291

Scores

CVSS v3 7.5
EPSS 0.0064
EPSS Percentile 45.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE: CWE-770
Status published
Products (2)
flexense/syncbreeze 10.0.28
Flexense Ltd./SyncBreeze 10.0.28
Published Jan 27, 2026
Tracked Since Feb 18, 2026