Vulnerability in Symfony PHP Framework Affecting Mailtrap Request Parser Security
CVE-2026-45755

6.9MEDIUM

Key Information:

Vendor

Symfony

Vendor
CVE Published:
14 July 2026

What is CVE-2026-45755?

A vulnerability in the Symfony PHP framework allows MailtrapRequestParser::doParse() to accept forged events as it does not validate the X-Mt-Signature HMAC header, which could lead to unauthorized access to Mailtrap delivery events like bounces, opens, clicks, or spam reports. This flaw affects versions of Symfony prior to 7.4.12 and 8.0.12, and it is crucial for users to upgrade to mitigate potential risks.

Affected Version(s)

mailtrap-mailer >= 7.2.0, < 7.4.12 < 7.2.0, 7.4.12

mailtrap-mailer >= 8.0.0-BETA1, < 8.0.12 < 8.0.0-BETA1, 8.0.12

symfony >= 7.2.0, < 7.4.12 < 7.2.0, 7.4.12

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.