Vulnerability in Symfony Polyfill
CVE-2026-46644
Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code p…
Affected products
- Symfony Polyfill — versions >= 1.17.1, < 1.38.1
- Symfony Polyfill-intl-idn — versions >= 1.17.1, < 1.38.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)