Description Symfony\Bridge\Monolog\Command\ServerLogCommand (the server:log console command) is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipe…
| CVE ID | CVE-2026-45077 |
| Vendor | composer |
| Affected Product | symfony/monolog-bridge |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.5 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
Symfony\Bridge\Monolog\Command\ServerLogCommand (the server:log console command) is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP object-deserialization sink: 1. The listener binds to 0.0.0.0:9911 by default; it accepts connections on every interface, not only loopback.2. Each received frame is processed as unserialize(base64_decode($message)) without an allowed_classes allowlist, without authentication, and without any integrity check. The decoded value is then passed to displayLog(..., array $record) which assumes (without validating) that the result is an array. Any host that can reach TCP port 9911 on a machine running
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.