CVE-2020-36946 HIGH

CVE-2020-36946: SyncBreeze 10.0.28 - 'login' Denial of Service

Vendor Flexense Ltd.
Product SyncBreeze
Weakness CWE-770 · Uncontrolled resource consumption
Published January 27, 2026
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.

Key dates

02Disclosure timeline

January 27, 2026 CVE published
April 7, 2026 Record updated