CVE-2026-45069 in Symfonyinformación

Resumen

por MITRE • 2026-07-14

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issuer (iss), and expiry (exp) checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(), so a validly signed JWT that omitted those claims could pass verification. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

GitHub M

Reservar

2026-05-08

Divulgación

2026-07-14

Moderación

aceptado

Artículo

VDB-378610

CPE

listo

EPSS

0.00242

KEV

no

Actividades

bajo

Fuentes

Want to know what is going to be exploited?

We predict KEV entries!