PHP Framework Vulnerability in Symfony Affecting Server Log Listener
CVE-2026-45077

8.3HIGH

Key Information:

Vendor

Symfony

Vendor
CVE Published:
14 July 2026

What is CVE-2026-45077?

The Symfony PHP framework has a vulnerability within the Server Log Listener component. By default, the listener binds to 0.0.0.0:9911 and handles incoming connections without proper authentication or checks on the serialized data it processes. This exposes systems to risks where an attacker can send crafted serialized PHP payloads, potentially leading to crashes of the listener or exploitation through object-injection attacks. This risk has been mitigated in the subsequent releases: 5.4.52, 6.4.40, 7.4.12, and 8.0.12.

Affected Version(s)

monolog-bridge < 5.4.52 < 5.4.52

monolog-bridge >= 6.0.0-BETA1, < 6.4.40 < 6.0.0-BETA1, 6.4.40

monolog-bridge >= 7.0.0-BETA1, < 7.4.12 < 7.0.0-BETA1, 7.4.12

References

CVSS V4

Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.