3 matches found
CVE-2026-54164
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...
CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...
PT-2026-49086
Name of the Vulnerable Software and Affected Versions API Platform Core versions prior to 4.1.30 API Platform Core versions prior to 4.2.26 API Platform Core versions prior to 4.3.12 Description A type confusion issue exists in the serializer's AbstractItemNormalizer when resolving relation IRIs...