Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-45133

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level (Parser::parseBlock()) and inline (Inline::parseSequence() / Inline::parseMapping()) parsers to recurse without a depth limit. A crafted document exhausts the PHP stack and crashes the worker. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 44.8%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-45133


Contact Us

Shodan ® - All rights reserved