PatchSiren cyber security CVE debrief
CVE-2026-49215 symfony CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T17:17:16.060Z and has not been modified since then. The vulnerability affects Symfony UX versions between 2.22.0 and 2.36.0 or 3.1.0, allowing cross-origin request forgery attacks. Developers and administrators using these versions should verify and apply patches to prevent potential attacks. The vulnerability is fixed in versions 2.36.0 and 3.1.0. Affected product deployments should be identified and verified for exposure.
- Vendor
- symfony
- Product
- ux
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Developers and administrators using Symfony UX versions between 2.22.0 and 2.36.0 or 3.1.0 should verify and apply patches to prevent potential cross-origin request forgery attacks. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed and addressed.
Technical summary
The Symfony UX LiveComponentSubscriber is vulnerable to cross-origin request forgery due to improper handling of the Accept header in #[LiveAction] invocations. This issue allows forged cross-origin requests against a victim session when applications use SameSite=None, credentials: 'include', a permissive cookie policy, or a same-origin pivot. The vulnerability is fixed in versions 2.36.0 and 3.1.0. Affected product deployments should be identified and verified for exposure.
Defensive priority
Apply patches to Symfony UX versions between 2.22.0 and 2.36.0 or 3.1.0 to prevent potential cross-origin request forgery attacks. Review and adjust application configurations for SameSite and credentials policies.
Recommended defensive actions
- Apply patches to Symfony UX versions between 2.22.0 and 2.36.0 or 3.1.0
- Verify and update Symfony UX to version 2.36.0 or 3.1.0
- Review and adjust application configurations for SameSite and credentials policies
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record and NVD entry provide limited information about the vulnerability. Further investigation and verification are necessary to fully understand the impact and scope of the vulnerability. Affected product deployments should be identified and verified for exposure. The vulnerability allows forged cross-origin requests against a victim session when applications use SameSite=None, credentials: 'include', a permissive cookie policy, or a same-origin pivot. Defenders should review and adjust application configurations for SameSite and credentials policies. Additional review of compensating controls and monitoring may be necessary.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T17:17:16.060Z and has not been modified since then.