Vulnerability in Symfony PHP Framework Affecting Mailtrap Request Parser Security
CVE-2026-45755
6.9MEDIUM
What is CVE-2026-45755?
A vulnerability in the Symfony PHP framework allows MailtrapRequestParser::doParse() to accept forged events as it does not validate the X-Mt-Signature HMAC header, which could lead to unauthorized access to Mailtrap delivery events like bounces, opens, clicks, or spam reports. This flaw affects versions of Symfony prior to 7.4.12 and 8.0.12, and it is crucial for users to upgrade to mitigate potential risks.
Affected Version(s)
mailtrap-mailer >= 7.2.0, < 7.4.12 < 7.2.0, 7.4.12
mailtrap-mailer >= 8.0.0-BETA1, < 8.0.12 < 8.0.0-BETA1, 8.0.12
symfony >= 7.2.0, < 7.4.12 < 7.2.0, 7.4.12
