EIP-2026-104681

PRE-CVE

Symfony 2.7.0 < 4.0.10 - Denial of Service

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104681. PoCs published by Federico Stange.

AI-analyzed exploit summary The exploit describes a denial of service (DoS) vulnerability in Symfony applications using PDOSessionHandler with MySQL backend under specific SQL mode configurations. The PoC is referenced as a separate downloadable archive.

Description

Symfony 2.7.0 < 4.0.10 - Denial of Service

Exploits (1)

exploitdb WRITEUP VERIFIED
by Federico Stange · textdosphp
https://www.exploit-db.com/exploits/44768

The exploit describes a denial of service (DoS) vulnerability in Symfony applications using PDOSessionHandler with MySQL backend under specific SQL mode configurations. The PoC is referenced as a separate downloadable archive.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: Symfony with PDOSessionHandler and MySQL backend
No auth needed
Prerequisites: Symfony application using PDOSessionHandler · MySQL backend for sessions · SQL mode without STRICT_ALL_TABLES or STRICT_TRANS_TABLES
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026