Package impact
COMPOSER / symfony/security-http
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45063 | high | — | 8.0 | 8d ago | Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator | |
| CVE-2026-45069 | medium | — | 5.5 | 8d ago | Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims | |
| CVE-2026-45074 | medium | — | 5.5 | 8d ago | Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay | |
| CVE-2026-45075 | medium | — | 5.5 | 8d ago | Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] |