CVE-2026-47212
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, Twili
CVSS
5.3
Medium
EPSS
0.2%
p15
KEV
—
Exploit Today
4
0-100
Published: Jul 14, 2026 · Last modified: Jul 15, 2026 · CWE-306 · CWE-347
0.2%EPSS · 30 days0.3%
2026-07-152026-07-18
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook secret but ignored the X-Twilio-Signature HMAC header, allowing unauthenticated POST requests to inject forged Twilio status payloads. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.
- github.comhttps://github.com/symfony/symfony/commit/8545fb2af6c07dfb5ef0fc8d9bccf86db2c94356
- github.comhttps://github.com/symfony/symfony/releases/tag/v6.4.40
- github.comhttps://github.com/symfony/symfony/releases/tag/v7.4.12
- github.comhttps://github.com/symfony/symfony/releases/tag/v8.0.12
- github.comhttps://github.com/symfony/symfony/security/advisories/GHSA-55rj-x2vc-4whq
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-32489.8 CRI100.0%
KEV—80Langflow Missing Authentication Vulnerability4dCVE-2024-116809.8 CRI99.8%
KEV—80ProjectSend Improper Authentication Vulnerability4dCVE-2026-561645.3 MED92.0%
KEV—78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability4dCVE-2026-4855810.0 CRI63.6%
KEV—69SimpleHelp Authentication Bypass Vulnerability18dCVE-2026-468179.8 CRI60.3%
KEV—68Oracle E-Business Suite Improper Privilege Management Vulnerability3dCVE-2022-245629.8 CRI98.9%
——30In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.10d