symfony/security-http Security Advisories for v5.2.6 (4)
-
CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
PKSA-c28x-6bj5-8spx CVE-2026-48489
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.53|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator
PKSA-tbsf-h7vc-j7hn CVE-2026-45063 GHSA-ph86-p8f6-f9r2
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] User enumeration in authentication mechanisms
PKSA-41vr-83ph-45yn GHSA-g2qj-pmxm-9f8f
Affected version: >=5.1.0,<5.2.8
Reported by:
GitHub -
[MEDIUM] CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms
PKSA-9qm5-hby2-7bvn CVE-2021-21424 GHSA-5pv8-ppvj-4h68
Affected version: >=5.1.0,<5.2.0|>=5.2.0,<5.2.8
Reported by:
GitHub, FriendsOfPHP/security-advisories