Couchbase Sync Gateway — known CVE vulnerabilities
Every CVE whose affected-product data names Couchbase Sync Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-9039 — CVSS 9.8 (critical): In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL…
CVE-2022-32563 — CVSS 9.8 (critical): An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate…
CVE-2021-43963 — CVSS 8.1 (high): An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase…
CVE-2020-9041 — CVSS 7.5 (high): In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints…
CVE-2025-52490 — CVSS 7.3 (high): An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext…