Security Advisories - symfony/runtime - Packagist.org

symfony/runtime Security Advisories for v8.0.0-BETA2 (1)

CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

PKSA-py8y-z9q7-q197 CVE-2026-46626

Affected version: >=5.4.46,<5.4.52|>=6.4.14,<6.4.40|>=7.1.7,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12

Reported by:
FriendsOfPHP/security-advisories