Vulnerability in Sulu

CVE-2026-34372

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to…

EPSS: 0.000 (4.9th percentile) — read the EPSS interpretation.

Affected products

Sulu — versions >= 1.0.0, < 2.6.22, >= 3.0.0, < 3.0.5

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp (x_refsource_CONFIRM)
https://github.com/sulu/sulu/releases/tag/2.6.22 (x_refsource_MISC)
https://github.com/sulu/sulu/releases/tag/3.0.5 (x_refsource_MISC)