CVE-2026-48736
MEDIUM SEVERITYVulnerability Description
Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
symfony/http-client
External References
- https://github.com/symfony/symfony/security/advisories/GHSA-38cx-cq6f-5755
- https://github.com/symfony/symfony/commit/82765368cf74177c36613575182f168a2eb765b2
- https://github.com/symfony/symfony/commit/85b831555be8ea1f43bf01078afe87bc4c92f65e
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2026-48736.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2026-48736.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-48736.yaml
- https://symfony.com/cve-2026-48736
- https://github.com/advisories/GHSA-38cx-cq6f-5755
Discussion (0)
Add Comment
No comments yet. Be the first!