PHP Framework Vulnerability in Symfony Affecting Server Log Listener
CVE-2026-45077
8.3HIGH
What is CVE-2026-45077?
The Symfony PHP framework has a vulnerability within the Server Log Listener component. By default, the listener binds to 0.0.0.0:9911 and handles incoming connections without proper authentication or checks on the serialized data it processes. This exposes systems to risks where an attacker can send crafted serialized PHP payloads, potentially leading to crashes of the listener or exploitation through object-injection attacks. This risk has been mitigated in the subsequent releases: 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
Affected Version(s)
monolog-bridge < 5.4.52 < 5.4.52
monolog-bridge >= 6.0.0-BETA1, < 6.4.40 < 6.0.0-BETA1, 6.4.40
monolog-bridge >= 7.0.0-BETA1, < 7.4.12 < 7.0.0-BETA1, 7.4.12
