PHP/sulu/sulu/2.5.26

Core framework that implements the functionality of the Sulu content management system

https://packagist.org/packages/sulu/sulu
MIT

1 Security Vulnerabilities

GHSA-6h7h-m7p5-hjqp

Published date: 2026-03-30T18:04:10Z
CVE: CVE-2026-34372
Links:

Sulu checks fix permissions for subentities endpoints

Impact

A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts.

Patches

The issue was patched in release 2.6.22 and 3.0.5.

Workarounds

Create a Symfony Request Listener checking the permissions for the specific roles.

Resources

Github Advisory: https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp

Affected versions: ["3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.6.21", "2.6.20", "2.6.19", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "2.6.0-RC2", "2.6.0-RC1", "2.5.33", "2.5.32", "2.5.31", "2.5.30", "2.5.29", "2.5.28", "2.5.27", "2.5.26", "2.5.25", "2.5.24", "2.5.23", "2.5.22", "2.5.21", "2.5.20", "2.5.19", "2.5.18", "2.5.17", "2.5.16", "2.5.15", "2.5.14", "2.5.13", "2.5.12", "2.5.11", "2.5.10", "2.5.9", "2.5.8", "2.5.7", "2.5.6", "2.5.5", "2.5.4", "2.5.3", "2.5.2", "2.5.1", "2.5.0", "2.5.0-alpha1", "2.4.20", "2.4.19", "2.4.18", "2.4.17", "2.4.16", "2.4.15", "2.4.14", "2.4.13", "2.4.12", "2.4.11", "2.4.10", "2.4.9", "2.4.8", "2.4.7", "2.4.6", "2.4.5", "2.4.4", "2.4.3", "2.4.2", "2.4.1", "2.4.0", "2.4.0-RC1", "2.3.13", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.8", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.3.1", "2.3.0", "2.3.0-RC2", "2.3.0-RC1", "2.2.19", "2.2.18", "2.2.17", "2.2.16", "2.2.15", "2.2.14", "2.2.13", "2.2.12", "2.2.11", "2.2.10", "2.2.9", "2.2.8", "2.2.7", "2.2.6", "2.2.5", "2.2.4", "2.2.3", "2.2.2", "2.2.1", "2.2.0", "2.2.0-RC1", "2.1.14", "2.1.13", "2.1.12", "2.1.11", "2.1.10", "2.1.9", "2.1.8", "2.1.7", "2.1.6", "2.1.5", "2.1.4", "2.1.3", "2.1.2", "2.1.1", "2.1.0", "2.1.0-RC2", "2.1.0-RC1", "2.0.12", "2.0.11", "2.0.10", "2.0.9", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0-RC3", "2.0.0-RC2", "2.0.0-RC1", "2.0.0-alpha6", "2.0.0-alpha5", "2.0.0-alpha4", "2.0.0-alpha3", "2.0.0-alpha2", "2.0.0-alpha1", "1.6.46", "1.6.45", "1.6.44", "1.6.43", "1.6.42", "1.6.41", "1.6.40", "1.6.39", "1.6.38", "1.6.37", "1.6.36", "1.6.35", "1.6.34", "1.6.33", "1.6.32", "1.6.31", "1.6.30", "1.6.29", "1.6.28", "1.6.27", "1.6.26", "1.6.25", "1.6.24", "1.6.23", "1.6.22", "1.6.21", "1.6.20", "1.6.19", "1.6.18", "1.6.17", "1.6.16", "1.6.15", "1.6.14", "1.6.13", "1.6.12", "1.6.11", "1.6.10", "1.6.9", "1.6.8", "1.6.7", "1.6.6", "1.6.5", "1.6.4", "1.6.3", "1.6.2", "1.6.1", "1.6.0", "1.6.0-RC1", "1.5.24", "1.5.23", "1.5.22", "1.5.21", "1.5.20", "1.5.19", "1.5.18", "1.5.17", "1.5.16", "1.5.15", "1.5.14", "1.5.13", "1.5.12", "1.5.11", "1.5.10", "1.5.9", "1.5.8", "1.5.7", "1.5.6", "1.5.5", "1.5.4", "1.5.3", "1.5.2", "1.5.1", "1.5.0", "1.5.0-RC3", "1.5.0-RC2", "1.5.0-RC1", "1.4.12", "1.4.11", "1.4.10", "1.4.9", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0-RC2", "1.4.0-RC1", "1.3.11", "1.3.10", "1.3.9", "1.3.8", "1.3.7", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.3.0-RC3", "1.3.0-RC2", "1.3.0-RC1", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0-RC4", "1.2.0-RC3", "1.2.0-RC2", "1.2.0-RC1", "1.1.12", "1.1.11", "1.1.10", "1.1.9", "1.1.8", "1.1.7", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.1.0-RC2", "1.1.0-RC1", "1.1.0-beta1", "1.0.15", "1.0.14", "1.0.13", "1.0.12", "1.0.11", "1.0.10", "1.0.9", "1.0.8", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.2", "1.0.1", "1.0.0"]
Secure versions: [2.6.22, 3.0.0-RC1, 3.0.0-RC2, 3.0.0-alpha3, 3.0.0-alpha4, 3.0.0-alpha5, 3.0.0-beta1, 3.0.0-beta2, 3.0.0-beta3, 3.0.0-beta4, 3.0.5]
Recommendation: Update to version 3.0.5.

381 Other Versions

Version License Security Released
3.0.5 MIT 2026-03-27 - 14:15 28 days
3.0.4 MIT 1 2026-02-12 - 18:02 2 months
3.0.3 MIT 1 2026-01-16 - 11:55 3 months
3.0.2 MIT 1 2026-01-09 - 12:41 4 months
3.0.1 MIT 1 2025-12-23 - 08:58 4 months
3.0.0 MIT 1 2025-11-25 - 23:52 5 months
3.0.0-RC2 MIT 2025-11-24 - 11:26 5 months
3.0.0-RC1 MIT 2025-11-14 - 19:45 5 months
3.0.0-beta4 MIT 2025-11-07 - 10:03 6 months
3.0.0-beta3 MIT 2025-10-28 - 16:19 6 months
3.0.0-beta2 MIT 2025-10-22 - 08:03 6 months
3.0.0-beta1 MIT 2025-09-10 - 09:33 8 months
3.0.0-alpha5 MIT 2025-08-20 - 13:33 8 months
3.0.0-alpha4 MIT 2025-07-16 - 16:18 9 months
3.0.0-alpha3 MIT 2025-05-14 - 12:54 12 months
3.0.0-alpha2 MIT 1 2025-04-24 - 12:22 about 1 year
3.0.0-alpha1 MIT 1 2025-04-10 - 11:27 about 1 year
2.6.22 MIT 2026-03-27 - 14:13 28 days
2.6.21 MIT 1 2026-02-12 - 17:47 2 months
2.6.20 MIT 1 2026-01-16 - 11:51 3 months
2.6.19 MIT 1 2026-01-09 - 12:41 4 months
2.6.18 MIT 1 2025-12-23 - 08:36 4 months
2.6.17 MIT 1 2025-11-22 - 15:13 5 months
2.6.16 MIT 1 2025-11-14 - 08:13 5 months
2.6.15 MIT 1 2025-11-07 - 09:49 6 months
2.6.14 MIT 1 2025-10-28 - 13:21 6 months
2.6.13 MIT 1 2025-10-22 - 07:48 6 months
2.6.12 MIT 1 2025-09-09 - 14:35 8 months
2.6.11 MIT 1 2025-08-20 - 13:08 8 months
2.6.10 MIT 1 2025-07-16 - 15:13 9 months
2.6.9 MIT 1 2025-05-14 - 12:53 12 months
2.6.8 MIT 2 2025-04-10 - 07:39 about 1 year
2.6.7 MIT 2 2025-02-05 - 17:10 about 1 year
2.6.6 MIT 2 2024-11-27 - 12:35 over 1 year
2.6.5 MIT 2 2024-10-02 - 14:49 over 1 year
2.6.4 MIT 3 2024-07-25 - 12:21 over 1 year
2.6.3 MIT 3 2024-06-27 - 11:28 almost 2 years
2.6.2 MIT 3 2024-05-16 - 13:38 almost 2 years
2.6.1 MIT 3 2024-05-06 - 09:28 almost 2 years
2.6.0 MIT 3 2024-05-02 - 13:36 almost 2 years
2.6.0-RC2 MIT 2 2024-04-15 - 16:15 about 2 years
2.6.0-RC1 MIT 2 2024-03-29 - 08:34 about 2 years
2.5.33 MIT 1 2025-11-22 - 15:12 5 months
2.5.32 MIT 1 2025-11-07 - 12:19 6 months
2.5.31 MIT 1 2025-11-07 - 09:05 6 months
2.5.30 MIT 1 2025-10-28 - 12:14 6 months
2.5.29 MIT 1 2025-10-22 - 07:44 6 months
2.5.28 MIT 1 2025-09-08 - 06:46 8 months
2.5.27 MIT 1 2025-08-20 - 13:04 8 months
2.5.26 MIT 1 2025-07-16 - 14:26 9 months