CVE-2026-45074
MEDIUM SEVERITY
Vulnerability Description
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
symfony/security-http
External References
- https://github.com/symfony/symfony/security/advisories/GHSA-j8gj-9rm5-4xhx
- https://github.com/symfony/symfony/commit/5ba145dba702404801bdf9e7e8d6df170060d541
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45074.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45074.yaml
- https://symfony.com/cve-2026-45074
- https://github.com/advisories/GHSA-j8gj-9rm5-4xhx