CVE-2026-49216 | Symfony UX up to 2.35.x/3.0.x Autocomplete _createAutocompleteWithRemoteData dropdown cross site scripting
A vulnerability described as problematic has been identified in Symfony UX up to 2.35.x/3.0.x. This affects the function _createAutocompleteWithRemoteData of the component Autocomplete. The manipulation of the argument dropdown results in cross site scripting.
This vulnerability is known as CVE-2026-49216. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More