Vulnerability in Sulu

CVE-2026-45701

Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical hash algorithm. This issue has been patched…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.000 (8.1th percentile) — read the EPSS interpretation.

Affected products

Sulu — versions < 2.6.23, >= 3.0.0-alpha1, < 3.0.6

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)