CVE-2020-36946

SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.syncbreeze.com	Product
https://www.exploit-db.com/exploits/49291	Exploit Third Party Advisory
https://www.vulncheck.com/advisories/syncbreeze-login-denial-of-service	Third Party Advisory
https://www.exploit-db.com/exploits/49291	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:flexense:syncbreeze:10.0.28:*:*:*:enterprise:*:*:*

History

24 Mar 2026, 21:24

Type	Values Removed	Values Added
References	~~() http://www.syncbreeze.com -~~	() http://www.syncbreeze.com - Product
References	~~() https://www.exploit-db.com/exploits/49291 -~~	() https://www.exploit-db.com/exploits/49291 - Exploit, Third Party Advisory
References	~~() https://www.vulncheck.com/advisories/syncbreeze-login-denial-of-service -~~	() https://www.vulncheck.com/advisories/syncbreeze-login-denial-of-service - Third Party Advisory
CPE		cpe:2.3:a:flexense:syncbreeze:10.0.28::::enterprise:::
Summary		(es) SyncBreeze 10.0.28 contiene una vulnerabilidad de denegación de servicio en el endpoint de inicio de sesión que permite a atacantes remotos colapsar el servicio. Los atacantes pueden enviar una carga útil sobredimensionada en la solicitud de inicio de sesión para sobrecargar la aplicación y potencialmente interrumpir la disponibilidad del servicio.
First Time		Flexense syncbreeze Flexense

27 Jan 2026, 22:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/49291 -~~	() https://www.exploit-db.com/exploits/49291 -

27 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-27 16:16

Updated : 2026-03-24 21:24

NVD link : CVE-2020-36946

Mitre link : CVE-2020-36946

CVE.ORG link : CVE-2020-36946

JSON object : View

Products Affected

flexense

syncbreeze

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2020-36946", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-27T16:16:11.857", "references": [{"url": "http://www.syncbreeze.com", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49291", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/syncbreeze-login-denial-of-service", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49291", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability."}, {"lang": "es", "value": "SyncBreeze 10.0.28 contiene una vulnerabilidad de denegaci\u00f3n de servicio en el endpoint de inicio de sesi\u00f3n que permite a atacantes remotos colapsar el servicio. Los atacantes pueden enviar una carga \u00fatil sobredimensionada en la solicitud de inicio de sesi\u00f3n para sobrecargar la aplicaci\u00f3n y potencialmente interrumpir la disponibilidad del servicio."}], "lastModified": "2026-03-24T21:24:00.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flexense:syncbreeze:10.0.28:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "080D2272-4C32-4EC4-93C5-B634F0F2D364"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}