MEDIUM
sulu
CVE published 2026-06-01
CVE-2026-45701
Sulu, an open-source PHP content management system built on Symfony, used a weak cryptographic hash algorithm for password reset token and API key generation in versions prior to 2.6.23 and 3.0.6. The weakness in the hashing mechanism could allow attackers to predict or reverse-engineer sensitive tokens and keys, potentially leading to unauthorized account access or API abuse. The issue is classified unde [truncated]