| CVE | Severity | CVSS | Risk | Published | Description | Impact |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-45063 | high | — | 8.0 | 8d ago | Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator | |
| CVE-2026-45069 | medium | — | 5.5 | 8d ago | Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims | |
| CVE-2026-45074 | medium | — | 5.5 | 8d ago | Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay | |
| CVE-2026-45075 | medium | — | 5.5 | 8d ago | Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] | |