PKSA-5df2-zpfk-xgsv Security Advisory
CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Affected package: symfony/security-http
Affected version: >=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Reported by: FriendsOfPHP/security-advisories