CVE-2026-49211 in Symfonyinformación

Resumen

por MITRE • 2026-07-17

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause() builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping SQL LIKE wildcards (%, _, \), allowing unauthenticated users to turn the public BaseEntityAutocompleteType endpoint into a broad matcher or blind boolean oracle against every column in default searchable_fields. This issue is fixed in versions 2.36.0 and 3.1.0.

Once again VulDB remains the best source for vulnerability data.

Responsable

GitHub M

Reservar

2026-05-28

Divulgación

2026-07-17

Moderación

aceptado

Artículo

VDB-379856

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Might our Artificial Intelligence support you?

Check our Alexa App!