PHP Framework Vulnerability in Symfony Affecting Multiple Versions
CVE-2026-45305
8.7HIGH
What is CVE-2026-45305?
The Symfony framework presents a vulnerability in its Yaml component where the Parser::cleanup() method improperly utilizes overlapping quantifiers in regular expressions. This flaw can lead to prolonged parsing delays when processing specially crafted input. Versions prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12 are susceptible. It is essential for users to upgrade to these patched versions to ensure robust security against input manipulation risks.
Affected Version(s)
symfony < 5.4.52 < 5.4.52
symfony >= 6.0.0-BETA1, < 6.4.40 < 6.0.0-BETA1, 6.4.40
symfony >= 7.0.0-BETA1, < 7.4.12 < 7.0.0-BETA1, 7.4.12
