What is the CVSS score of CVE-2020-36946?

CVE-2020-36946 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Syncbreeze are affected by CVE-2020-36946?

SyncBreeze 10.0.28 is vulnerable to denial of service attacks that can crash the service through malformed login requests, potentially disrupting business operations for users relying on this…

Is there a public PoC exploit available for CVE-2020-36946?

Yes, a public proof-of-concept exploit is available for CVE-2020-36946. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-36946?

Within 24 hours: Identify all SyncBreeze 10.0.28 instances in production and assess business criticality; implement network-level rate limiting on login endpoints. Within 7 days: Deploy WAF rules to block oversized payloads targeting the login endpoint; isolate affected systems from untrusted networks if possible. Within 30 days: Contact vendor for patch availability status; evaluate alternative solutions or schedule upgrade to patched version when available; conduct post-incident review if exploitation occurs.

Syncbreeze CVE-2020-36946

HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-01-27 disclosure@vulncheck.com

Denial Of Service Syncbreeze

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

PoC Detected

Mar 24, 2026 - 21:24 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Jan 27, 2026 - 16:16 nvd

HIGH 7.5

DescriptionCVE.org

SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.

AnalysisAI

Technical ContextAI

Classified as CWE-770 (Allocation of Resources Without Limits or Throttling). Affects the login component of login endpoint. SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-36946 vulnerability details – vuln.today

Back

Syncbreeze CVE-2020-36946

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code