Vulnerability in Symfony Polyfill

CVE-2026-46644

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code p…

Affected products

Weakness classification (CWE)

References