CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

PKSA-jzjr-4n2h-knvd CVE-2026-45069

Affected package: symfony/security-http

Affected version: >=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12

Reported by:
FriendsOfPHP/security-advisories