Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-45069

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issuer (iss), and expiry (exp) checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(), so a validly signed JWT that omitted those claims could pass verification. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 15.3%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2026-45069


Contact Us

Shodan ® - All rights reserved