PHP Framework Vulnerability in Symfony Affecting Multiple Versions
CVE-2026-45073
6.3MEDIUM
What is CVE-2026-45073?
Prior to specific versions, the Symfony PHP framework contains a vulnerability in the PdoAdapter::doClear() method. This method constructs a DELETE SQL statement using a namespace derived from user-supplied input. Because it does not properly bind or escape this input, an attacker able to manipulate the input can alter the intended behavior of the SQL statement, potentially allowing unauthorized data deletions or modifications. This flaw has been rectified in the fixed releases of Symfony.
Affected Version(s)
symfony < 5.4.52 < 5.4.52
symfony >= 6.0.0-BETA1, < 6.4.40 < 6.0.0-BETA1, 6.4.40
symfony >= 7.0.0-BETA1, < 7.4.12 < 7.0.0-BETA1, 7.4.12
