{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/symfony/html-sanitizer/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["symfony/html-sanitizer","symfony/json-path","symfony/lox24-notifier","symfony/mailjet-mailer","symfony/mailtrap-mailer","symfony/mime","symfony/monolog-bridge","symfony/runtime","symfony/symfony","symfony/twilio-notifier","symfony/yaml"],"_cs_severities":["medium"],"_cs_tags":["symfony","vulnerability","dos","xss","csrf"],"_cs_type":"advisory","_cs_vendors":["Symfony"],"content_html":"\u003cp\u003eOn May 20, 2026, CERT-FR published an advisory regarding multiple vulnerabilities discovered in the Symfony framework. These vulnerabilities impact various components, including symfony/html-sanitizer, symfony/json-path, symfony/lox24-notifier, symfony/mailjet-mailer, symfony/mailtrap-mailer, symfony/mime, symfony/monolog-bridge, symfony/runtime, symfony/symfony, symfony/twilio-notifier and symfony/yaml. Exploitation of these vulnerabilities could allow an attacker to perform a remote denial of service (DoS), inject malicious code remotely (XSS), or perform Cross-Site Request Forgery (CSRF) attacks against users of a vulnerable application. The advisory lists versions prior to specific releases as vulnerable, depending on the component and branch (5.4.x, 6.4.x, 7.4.x, 8.0.x). These vulnerabilities pose a significant risk to applications built on the Symfony framework.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eGiven the variety of vulnerabilities, a generalized attack chain is presented:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Symfony application running a vulnerable version of a component such as symfony/mime or symfony/html-sanitizer.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload tailored to the specific vulnerability. For example, for XSS, this might involve injecting JavaScript into a field processed by the vulnerable component. For CSRF, this would be tricking the user into submitting a malicious request. For DoS, this could involve sending excessive data to exhaust resources.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the payload to the Symfony application, potentially via a user-supplied input field, or directly through HTTP requests.\u003c/li\u003e\n\u003cli\u003eThe vulnerable component processes the malicious payload. For example, the symfony/mime component may parse a malformed email, leading to a DoS.\u003c/li\u003e\n\u003cli\u003eThe malicious payload is executed by the application. An XSS payload is executed within the user\u0026rsquo;s browser context. A CSRF payload causes an unauthorized action to be performed on behalf of the user. A DoS payload causes the application to become unresponsive.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their objective, such as gaining unauthorized access to user accounts through XSS, performing unauthorized actions through CSRF, or disrupting application availability through DoS.\u003c/li\u003e\n\u003cli\u003eDepending on the specific vulnerability and application, the attacker may chain multiple exploits to gain further access or control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to a range of impacts, including denial of service, where the application becomes unavailable to legitimate users; cross-site scripting, which allows attackers to execute malicious JavaScript in the context of a user\u0026rsquo;s browser, potentially leading to account compromise or data theft; and cross-site request forgery, which allows attackers to perform unauthorized actions on behalf of a user without their knowledge. The number of affected systems is potentially large, given the widespread use of the Symfony framework in web application development.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the affected Symfony components to the latest versions as specified in the Symfony security advisories GHSA-4qpc-3hr4-r2p4, GHSA-55rj-x2vc-4whq, GHSA-59f3-vp2f-mp9w, GHSA-64hg-93w9-fc35, GHSA-8v8v-g73j-492j, GHSA-9frc-8383-795m, GHSA-fqc7-9xjw-jrh3, GHSA-hhg7-c65m-h7ff, GHSA-m7v2-7gxm-vc2v, and GHSA-vqc8-7275-q272 to remediate the vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, such as unusual HTTP requests or patterns that may indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy a web application firewall (WAF) with rules to detect and block common XSS and CSRF attacks, as these are potential vectors for exploiting the vulnerabilities.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and output encoding to prevent XSS vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-20T14:08:41Z","date_published":"2026-05-20T14:08:41Z","id":"https://feed.craftedsignal.io/briefs/2026-05-symfony-multiple-vulns/","summary":"Multiple vulnerabilities in Symfony, including CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, and CVE-2026-47212, can lead to remote denial of service, cross-site scripting (XSS), and cross-site request forgery (CSRF) attacks.","title":"Multiple Vulnerabilities in Symfony Framework","url":"https://feed.craftedsignal.io/briefs/2026-05-symfony-multiple-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Symfony/Html-Sanitizer","version":"https://jsonfeed.org/version/1.1"}