CVE-2026-48761
CVE-2026-48761 affects the Symfony HtmlSanitizer: UrlAttributeSanitizer misses URL-bearing attributes on , , , and also URLs inside content. Affects Symfony versions 6.1.0 through 6.4.41, 7.4.13, and 8.0.13. Root cause: UrlAttributeSanitizer omits certain URL attributes and multi-field URLs, en...