CVE-2026-45069
EUVD-2026-4435714.07.2026, 19:17
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issuer (iss), and expiry (exp) checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(), so a validly signed JWT that omitted those claims could pass verification. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Debian Releases
Common Weakness Enumeration