PHP/sulu/sulu/2.6.18
Core framework that implements the functionality of the Sulu content management system
https://packagist.org/packages/sulu/sulu
MIT
1 Security Vulnerability
GHSA-6h7h-m7p5-hjqp
Published date: 2026-03-30T18:04:10Z
CVE: CVE-2026-34372
Sulu checks fix permissions for subentities endpoints
Impact
A user who has permission for the Sulu Admin via at least one role could access the subentities of contacts via the admin API without even having permission for contacts.
Patches
The issue was patched in releases 2.6.22 and 3.0.5.
Workarounds
Create a Symfony request listener that checks the permissions for the specific roles.
Resources
GitHub Advisory: https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp
Affected versions: ["3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.6.21", "2.6.20", "2.6.19", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "2.6.0-RC2", "2.6.0-RC1", "2.5.33", "2.5.32", "2.5.31", "2.5.30", "2.5.29", "2.5.28", "2.5.27", "2.5.26", "2.5.25", "2.5.24", "2.5.23", "2.5.22", "2.5.21", "2.5.20", "2.5.19", "2.5.18", "2.5.17", "2.5.16", "2.5.15", "2.5.14", "2.5.13", "2.5.12", "2.5.11", "2.5.10", "2.5.9", "2.5.8", "2.5.7", "2.5.6", "2.5.5", "2.5.4", "2.5.3", "2.5.2", "2.5.1", "2.5.0", "2.5.0-alpha1", "2.4.20", "2.4.19", "2.4.18", "2.4.17", "2.4.16", "2.4.15", "2.4.14", "2.4.13", "2.4.12", "2.4.11", "2.4.10", "2.4.9", "2.4.8", "2.4.7", "2.4.6", "2.4.5", "2.4.4", "2.4.3", "2.4.2", "2.4.1", "2.4.0", "2.4.0-RC1", "2.3.13", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.8", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.3.1", "2.3.0", "2.3.0-RC2", "2.3.0-RC1", "2.2.19", "2.2.18", "2.2.17", "2.2.16", "2.2.15", "2.2.14", "2.2.13", "2.2.12", "2.2.11", "2.2.10", "2.2.9", "2.2.8", "2.2.7", "2.2.6", "2.2.5", "2.2.4", "2.2.3", "2.2.2", "2.2.1", "2.2.0", "2.2.0-RC1", "2.1.14", "2.1.13", "2.1.12", "2.1.11", "2.1.10", "2.1.9", "2.1.8", "2.1.7", "2.1.6", "2.1.5", "2.1.4", "2.1.3", "2.1.2", "2.1.1", "2.1.0", "2.1.0-RC2", "2.1.0-RC1", "2.0.12", "2.0.11", "2.0.10", "2.0.9", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0-RC3", "2.0.0-RC2", "2.0.0-RC1", "2.0.0-alpha6", "2.0.0-alpha5", "2.0.0-alpha4", "2.0.0-alpha3", "2.0.0-alpha2", "2.0.0-alpha1", "1.6.46", "1.6.45", "1.6.44", "1.6.43", "1.6.42", "1.6.41", "1.6.40", "1.6.39", "1.6.38", "1.6.37", "1.6.36", "1.6.35", "1.6.34", "1.6.33", "1.6.32", "1.6.31", "1.6.30", "1.6.29", "1.6.28", "1.6.27", "1.6.26", "1.6.25", "1.6.24", "1.6.23", "1.6.22", "1.6.21", "1.6.20", "1.6.19", "1.6.18", "1.6.17", "1.6.16", "1.6.15", "1.6.14", "1.6.13", "1.6.12", "1.6.11", 
"1.6.10", "1.6.9", "1.6.8", "1.6.7", "1.6.6", "1.6.5", "1.6.4", "1.6.3", "1.6.2", "1.6.1", "1.6.0", "1.6.0-RC1", "1.5.24", "1.5.23", "1.5.22", "1.5.21", "1.5.20", "1.5.19", "1.5.18", "1.5.17", "1.5.16", "1.5.15", "1.5.14", "1.5.13", "1.5.12", "1.5.11", "1.5.10", "1.5.9", "1.5.8", "1.5.7", "1.5.6", "1.5.5", "1.5.4", "1.5.3", "1.5.2", "1.5.1", "1.5.0", "1.5.0-RC3", "1.5.0-RC2", "1.5.0-RC1", "1.4.12", "1.4.11", "1.4.10", "1.4.9", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0-RC2", "1.4.0-RC1", "1.3.11", "1.3.10", "1.3.9", "1.3.8", "1.3.7", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.3.0-RC3", "1.3.0-RC2", "1.3.0-RC1", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0-RC4", "1.2.0-RC3", "1.2.0-RC2", "1.2.0-RC1", "1.1.12", "1.1.11", "1.1.10", "1.1.9", "1.1.8", "1.1.7", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.1.0-RC2", "1.1.0-RC1", "1.1.0-beta1", "1.0.15", "1.0.14", "1.0.13", "1.0.12", "1.0.11", "1.0.10", "1.0.9", "1.0.8", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.2", "1.0.1", "1.0.0"]
Secure versions: [2.6.22, 3.0.0-RC1, 3.0.0-RC2, 3.0.0-alpha3, 3.0.0-alpha4, 3.0.0-alpha5, 3.0.0-beta1, 3.0.0-beta2, 3.0.0-beta3, 3.0.0-beta4, 3.0.5]
Recommendation: Update to version 3.0.5.
381 Other Versions
| Version | License | Security | Released | Age |
|---|---|---|---|---|
| 1.6.21 | MIT | 5 | 2018-07-18 - 11:28 | almost 8 years |
| 1.6.20 | MIT | 5 | 2018-06-29 - 11:51 | almost 8 years |
| 1.6.19 | MIT | 5 | 2018-05-24 - 16:09 | almost 8 years |
| 1.6.18 | MIT | 5 | 2018-05-03 - 15:30 | almost 8 years |
| 1.6.17 | MIT | 5 | 2018-04-24 - 11:08 | about 8 years |
| 1.6.16 | MIT | 5 | 2018-03-19 - 08:35 | about 8 years |
| 1.6.15 | MIT | 5 | 2018-02-27 - 10:02 | about 8 years |
| 1.6.14 | MIT | 5 | 2018-02-06 - 07:42 | about 8 years |
| 1.6.13 | MIT | 5 | 2018-01-18 - 13:05 | over 8 years |
| 1.6.12 | MIT | 5 | 2017-12-21 - 09:41 | over 8 years |
| 1.6.11 | MIT | 5 | 2017-12-14 - 09:11 | over 8 years |
| 1.6.10 | MIT | 5 | 2017-12-07 - 15:51 | over 8 years |
| 1.6.9 | MIT | 5 | 2017-12-04 - 14:00 | over 8 years |
| 1.6.8 | MIT | 5 | 2017-11-21 - 11:48 | over 8 years |
| 1.6.7 | MIT | 5 | 2017-11-14 - 08:12 | over 8 years |
| 1.6.6 | MIT | 5 | 2017-10-12 - 11:52 | over 8 years |
| 1.6.5 | MIT | 5 | 2017-10-04 - 08:51 | over 8 years |
| 1.6.4 | MIT | 5 | 2017-09-14 - 11:55 | over 8 years |
| 1.6.3 | MIT | 5 | 2017-08-17 - 11:13 | over 8 years |
| 1.6.2 | MIT | 5 | 2017-07-31 - 08:49 | over 8 years |
| 1.6.1 | MIT | 5 | 2017-07-10 - 11:34 | almost 9 years |
| 1.6.0 | MIT | 5 | 2017-06-28 - 08:41 | almost 9 years |
| 1.6.0-RC1 | MIT | 5 | 2017-06-01 - 06:23 | almost 9 years |
| 1.5.24 | MIT | 5 | 2019-08-08 - 07:45 | over 6 years |
| 1.5.23 | MIT | 5 | 2019-05-16 - 11:29 | almost 7 years |
| 1.5.22 | MIT | 5 | 2019-03-26 - 13:02 | about 7 years |
| 1.5.21 | MIT | 5 | 2019-02-28 - 11:30 | about 7 years |
| 1.5.20 | MIT | 5 | 2019-01-09 - 13:05 | over 7 years |
| 1.5.19 | MIT | 5 | 2018-12-03 - 11:49 | over 7 years |
| 1.5.18 | MIT | 5 | 2018-10-05 - 10:02 | over 7 years |
| 1.5.17 | MIT | 5 | 2018-07-18 - 11:05 | almost 8 years |
| 1.5.16 | MIT | 5 | 2018-06-29 - 11:39 | almost 8 years |
| 1.5.15 | MIT | 5 | 2018-05-24 - 15:26 | almost 8 years |
| 1.5.14 | MIT | 5 | 2018-05-03 - 15:26 | almost 8 years |
| 1.5.13 | MIT | 5 | 2018-04-24 - 11:07 | about 8 years |
| 1.5.12 | MIT | 5 | 2018-03-19 - 06:58 | about 8 years |
| 1.5.11 | MIT | 5 | 2018-02-27 - 06:37 | about 8 years |
| 1.5.10 | MIT | 5 | 2018-02-06 - 07:24 | about 8 years |
| 1.5.9 | MIT | 5 | 2018-01-18 - 12:39 | over 8 years |
| 1.5.8 | MIT | 5 | 2017-12-14 - 09:09 | over 8 years |
| 1.5.7 | MIT | 5 | 2017-10-12 - 11:40 | over 8 years |
| 1.5.6 | MIT | 5 | 2017-09-14 - 11:47 | over 8 years |
| 1.5.5 | MIT | 5 | 2017-06-28 - 06:16 | almost 9 years |
| 1.5.4 | MIT | 5 | 2017-05-31 - 14:43 | almost 9 years |
| 1.5.3 | MIT | 5 | 2017-04-06 - 16:37 | about 9 years |
| 1.5.2 | MIT | 5 | 2017-03-22 - 15:28 | about 9 years |
| 1.5.1 | MIT | 5 | 2017-03-16 - 09:03 | about 9 years |
| 1.5.0 | MIT | 5 | 2017-03-06 - 09:54 | about 9 years |
| 1.5.0-RC3 | MIT | 5 | 2017-02-28 - 08:58 | about 9 years |
| 1.5.0-RC2 | MIT | 5 | 2017-02-20 - 18:56 | about 9 years |
