PHP/sulu/sulu/2.5.26


Core framework that implements the functionality of the Sulu content management system

https://packagist.org/packages/sulu/sulu
MIT

1 Security Vulnerabilities

GHSA-6h7h-m7p5-hjqp

Published date: 2026-03-30T18:04:10Z
CVE: CVE-2026-34372

Sulu checks fix permissions for subentities endpoints

Impact

A user who has permission for the Sulu Admin via at least one role could access the subentities of contacts via the admin API without having permission for contacts.

Patches

The issue was patched in releases 2.6.22 and 3.0.5.

Workarounds

Create a Symfony Request Listener checking the permissions for the specific roles.

Resources

GitHub Advisory: https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp

Affected versions: ["3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.6.21", "2.6.20", "2.6.19", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "2.6.0-RC2", "2.6.0-RC1", "2.5.33", "2.5.32", "2.5.31", "2.5.30", "2.5.29", "2.5.28", "2.5.27", "2.5.26", "2.5.25", "2.5.24", "2.5.23", "2.5.22", "2.5.21", "2.5.20", "2.5.19", "2.5.18", "2.5.17", "2.5.16", "2.5.15", "2.5.14", "2.5.13", "2.5.12", "2.5.11", "2.5.10", "2.5.9", "2.5.8", "2.5.7", "2.5.6", "2.5.5", "2.5.4", "2.5.3", "2.5.2", "2.5.1", "2.5.0", "2.5.0-alpha1", "2.4.20", "2.4.19", "2.4.18", "2.4.17", "2.4.16", "2.4.15", "2.4.14", "2.4.13", "2.4.12", "2.4.11", "2.4.10", "2.4.9", "2.4.8", "2.4.7", "2.4.6", "2.4.5", "2.4.4", "2.4.3", "2.4.2", "2.4.1", "2.4.0", "2.4.0-RC1", "2.3.13", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.8", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.3.1", "2.3.0", "2.3.0-RC2", "2.3.0-RC1", "2.2.19", "2.2.18", "2.2.17", "2.2.16", "2.2.15", "2.2.14", "2.2.13", "2.2.12", "2.2.11", "2.2.10", "2.2.9", "2.2.8", "2.2.7", "2.2.6", "2.2.5", "2.2.4", "2.2.3", "2.2.2", "2.2.1", "2.2.0", "2.2.0-RC1", "2.1.14", "2.1.13", "2.1.12", "2.1.11", "2.1.10", "2.1.9", "2.1.8", "2.1.7", "2.1.6", "2.1.5", "2.1.4", "2.1.3", "2.1.2", "2.1.1", "2.1.0", "2.1.0-RC2", "2.1.0-RC1", "2.0.12", "2.0.11", "2.0.10", "2.0.9", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0-RC3", "2.0.0-RC2", "2.0.0-RC1", "2.0.0-alpha6", "2.0.0-alpha5", "2.0.0-alpha4", "2.0.0-alpha3", "2.0.0-alpha2", "2.0.0-alpha1", "1.6.46", "1.6.45", "1.6.44", "1.6.43", "1.6.42", "1.6.41", "1.6.40", "1.6.39", "1.6.38", "1.6.37", "1.6.36", "1.6.35", "1.6.34", "1.6.33", "1.6.32", "1.6.31", "1.6.30", "1.6.29", "1.6.28", "1.6.27", "1.6.26", "1.6.25", "1.6.24", "1.6.23", "1.6.22", "1.6.21", "1.6.20", "1.6.19", "1.6.18", "1.6.17", "1.6.16", "1.6.15", "1.6.14", "1.6.13", "1.6.12", "1.6.11", 
"1.6.10", "1.6.9", "1.6.8", "1.6.7", "1.6.6", "1.6.5", "1.6.4", "1.6.3", "1.6.2", "1.6.1", "1.6.0", "1.6.0-RC1", "1.5.24", "1.5.23", "1.5.22", "1.5.21", "1.5.20", "1.5.19", "1.5.18", "1.5.17", "1.5.16", "1.5.15", "1.5.14", "1.5.13", "1.5.12", "1.5.11", "1.5.10", "1.5.9", "1.5.8", "1.5.7", "1.5.6", "1.5.5", "1.5.4", "1.5.3", "1.5.2", "1.5.1", "1.5.0", "1.5.0-RC3", "1.5.0-RC2", "1.5.0-RC1", "1.4.12", "1.4.11", "1.4.10", "1.4.9", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0-RC2", "1.4.0-RC1", "1.3.11", "1.3.10", "1.3.9", "1.3.8", "1.3.7", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.3.0-RC3", "1.3.0-RC2", "1.3.0-RC1", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0-RC4", "1.2.0-RC3", "1.2.0-RC2", "1.2.0-RC1", "1.1.12", "1.1.11", "1.1.10", "1.1.9", "1.1.8", "1.1.7", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.1.0-RC2", "1.1.0-RC1", "1.1.0-beta1", "1.0.15", "1.0.14", "1.0.13", "1.0.12", "1.0.11", "1.0.10", "1.0.9", "1.0.8", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.2", "1.0.1", "1.0.0"]
Secure versions: [2.6.22, 3.0.0-RC1, 3.0.0-RC2, 3.0.0-alpha3, 3.0.0-alpha4, 3.0.0-alpha5, 3.0.0-beta1, 3.0.0-beta2, 3.0.0-beta3, 3.0.0-beta4, 3.0.5]
Recommendation: Update to version 3.0.5.

381 Other Versions

Version License Security Released
1.1.7 MIT 5 2016-01-26 - 14:10 about 10 years
1.1.6 MIT 5 2016-01-26 - 07:02 about 10 years
1.1.5 MIT 5 2016-01-15 - 06:37 over 10 years
1.1.4 MIT 5 2016-01-08 - 12:41 over 10 years
1.1.3 MIT 5 2015-12-18 - 14:41 over 10 years
1.1.2 MIT 5 2015-12-11 - 14:03 over 10 years
1.1.1 MIT 5 2015-12-07 - 14:49 over 10 years
1.1.0 MIT 5 2015-12-02 - 12:59 over 10 years
1.1.0-RC2 MIT 5 2015-11-19 - 10:19 over 10 years
1.1.0-RC1 MIT 5 2015-11-09 - 13:47 over 10 years
1.1.0-beta1 MIT 5 2015-10-28 - 16:04 over 10 years
1.0.15 MIT 5 2016-01-08 - 12:23 over 10 years
1.0.14 MIT 5 2015-11-13 - 13:48 over 10 years
1.0.13 MIT 5 2015-11-12 - 15:22 over 10 years
1.0.12 MIT 5 2015-10-22 - 06:56 over 10 years
1.0.11 MIT 5 2015-09-23 - 12:45 over 10 years
1.0.10 MIT 5 2015-09-17 - 07:32 over 10 years
1.0.9 MIT 5 2015-09-14 - 15:03 over 10 years
1.0.8 MIT 5 2015-08-31 - 13:39 over 10 years
1.0.7 MIT 5 2015-08-11 - 12:09 over 10 years
1.0.6 MIT 5 2015-08-05 - 13:54 over 10 years
1.0.5 MIT 5 2015-08-03 - 15:25 over 10 years
1.0.4 MIT 5 2015-07-29 - 09:15 over 10 years
1.0.3 MIT 5 2015-07-23 - 09:23 almost 11 years
1.0.2 MIT 5 2015-07-13 - 13:50 almost 11 years
1.0.1 MIT 5 2015-07-06 - 10:59 almost 11 years
1.0.0 MIT 5 2015-07-01 - 16:50 almost 11 years
1.0.0-RC3 MIT 4 2015-06-29 - 16:05 almost 11 years
1.0.0-RC2 MIT 4 2015-06-17 - 14:35 almost 11 years
1.0.0-RC1 MIT 4 2015-06-01 - 12:37 almost 11 years
0.18.2 MIT 4 2015-05-18 - 14:32 almost 11 years
0.18.1 MIT 4 2015-05-09 - 18:28 almost 11 years
0.18.0 MIT 4 2015-05-08 - 17:58 almost 11 years
0.17.0 MIT 4 2015-04-20 - 15:28 about 11 years
0.17.0-RC2 MIT 4 2015-03-16 - 12:11 about 11 years
0.17.0-RC1 MIT 4 2015-03-06 - 09:15 about 11 years
0.16.2 MIT 4 2015-04-14 - 06:55 about 11 years
0.16.1 MIT 4 2015-02-27 - 07:59 about 11 years
0.16.0 MIT 4 2015-02-24 - 13:06 about 11 years
0.15.3 MIT 4 2015-02-19 - 14:40 about 11 years
0.15.2 MIT 4 2015-02-19 - 10:28 about 11 years
0.15.1 MIT 4 2015-02-17 - 12:22 about 11 years
0.15.0 MIT 4 2015-02-13 - 17:36 about 11 years
0.14.2 MIT 4 2015-02-02 - 16:13 about 11 years
0.14.1 MIT 4 2015-01-21 - 14:51 over 11 years
0.14.0 MIT 4 2015-01-12 - 15:49 over 11 years
0.13.2 MIT 4 2014-12-12 - 10:14 over 11 years
0.13.1 MIT 4 2014-12-11 - 08:15 over 11 years
0.13.0 MIT 4 2014-12-10 - 16:10 over 11 years
0.12.0 MIT 4 2014-11-25 - 15:18 over 11 years