Lucene search
+L

8 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-48747

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hashhmac, allowing a signature...

6.3CVSS0.00197EPSS
Exploits0References4
CVE
CVE
added 3 days ago22 views

CVE-2026-48747

Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...

6.3CVSS6.1AI score0.00197EPSS
Exploits0References4Affected Software1
OSV
OSV
added 3 days ago4 views

CVE-2026-48747 Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hashhmac, allowing a signature...

6.3CVSS6.1AI score0.00197EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/15 5:32 p.m.8 views

Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/06/15 5:32 p.m.7 views

GHSA-RRJ9-5Q2J-4GVR Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44170

Name of the Vulnerable Software and Affected Versions mailomat-mailer affected versions not specified Description A Signature Algorithm Downgrade flaw exists in the mailomat-mailer component. This issue allows an attacker to perform complete Signature Forgery, which is the act of creating a...

6.3CVSS5.1AI score0.00197EPSS
Exploits0References18
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

6.3CVSS5.8AI score0.00197EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.17 views

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

6.3CVSS5.8AI score0.00197EPSS
Exploits0Affected Software1
Rows per page
Query Builder