Product
high
threat
Symfony Email Header / SMTP Command Injection via CRLF Characters
2 rules 1 TTPSymfony's Mime Address component is susceptible to email header and SMTP command injection due to accepting CRLF characters within email addresses, leading to potential header manipulation or unauthorized SMTP commands in symfony/mime and symfony/symfony versions prior to 5.4.52, versions 6.0.0 to before 6.4.40, versions 7.0.0 to before 7.4.12 and versions 8.0.0 to before 8.0.12.
symfony/mime +1
crlf-injection
email-injection
symfony
CVE-2026-45067
2r
1t
medium
advisory
Multiple Vulnerabilities in Symfony Framework
3 rules 1 TTPMultiple vulnerabilities in Symfony, including CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, and CVE-2026-47212, can lead to remote denial of service, cross-site scripting (XSS), and cross-site request forgery (CSRF) attacks.
symfony/html-sanitizer +10
symfony
vulnerability
dos
xss
csrf
3r
1t