symfony/ux-live-component Denial of service via unbounded batch action requests

PKSA-tv34-cfvx-rr9r CVE-2026-49209

Affected package: symfony/ux-live-component

Affected version: >=2.5.0,<2.36.0|>=3.0.0,<3.1.0

Reported by:
FriendsOfPHP/security-advisories