Risk Scores
CVSS v3.1
6.300000190734863
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
EPSS Score
0.01%
0.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| symfony | process | 8.0, 0, 6.4 |
| sensiolabs | symfony | 0, 6.4.0, 7.3.0 |
| symfony | symfony | 8.0, 0, 6.4 |
| symfony | symfony | < 5.4.51, >= 6.4.0, < 6.4.33, >= 7.3.0, < 7.3.11 |
| Symfony | Symfony |
Timeline
- Jan 26, 2026 Fix PR Merged
- Jan 28, 2026 CVE Published
- Jan 28, 2026 PoC Published
- Jan 28, 2026 PoC Published
- Jan 29, 2026 CVE Updated
- Jan 29, 2026 EPSS Score
- Jan 29, 2026 Security Advisory
- Jan 31, 2026 EPSS Score
- Feb 2, 2026 EPSS Score
- Feb 4, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
References
- https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6 url
- https://github.com/symfony/symfony/issues/62921 url
- https://github.com/symfony/symfony/pull/63164 url
- https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3 url
- https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b url
- https://nvd.nist.gov/vuln/detail/CVE-2026-24739 advisory
- https://github.com/symfony/symfony package