Sulu · Sulu · CVE-2026-45701
**Name of the Vulnerable Software and Affected Versions**
Sulu versions prior to 2.6.23
Sulu versions prior to 3.0.6
**Description**
Sulu is an open-source PHP content management system based on the Symfony framework. The generation of API keys and password reset tokens uses a weak cryptographic hash algorithm.
**Recommendations**
Update to version 2.6.23.
Update to version 3.0.6.
As a temporary workaround, patch the `User.php` and `ResettingController.php` files within the SecurityBundle.
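To check whether a deployment still needs the update, the following added example (not part of the advisory and not Sulu's own code) reads `composer.lock` content and compares the locked Sulu version with the fixed releases listed above. It assumes the core is installed as the Composer package `sulu/sulu` and that each fix applies to its own release line; the sample lock content is constructed.

```python
import json
import re

# Fixed releases as listed in the advisory, keyed by major version.
FIXED = {2: (2, 6, 23), 3: (3, 0, 6)}
PACKAGE = "sulu/sulu"  # assumption: Composer package name of the Sulu core


def parse_version(raw):
    """Return ((major, minor, patch), suffix), or None for refs like dev-main."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)(.*)$", raw.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups()[:3]), m.group(4)


def is_affected(raw):
    """True or False for a decidable version, None when a manual check is needed."""
    parsed = parse_version(raw)
    if parsed is None:
        return None
    ver, suffix = parsed
    # Assumption: each fix applies to its own release line, so anything below
    # major 3 is compared with 2.6.23 and anything from 3.x on with 3.0.6.
    fixed = FIXED[3] if ver[0] >= 3 else FIXED[2]
    if ver == fixed and suffix:
        return None  # e.g. a pre-release of the fixed version
    return ver < fixed


def check_lock(lock_text):
    """Return (version, affected) for Sulu in composer.lock text, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            version = pkg.get("version", "")
            return version, is_affected(version)
    return None


# Constructed composer.lock content, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/other-package", "version": "v1.4.1"},
    {"name": "sulu/sulu", "version": "2.6.20"},
], "packages-dev": []})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))  # pass open("composer.lock").read() for a real project
```

A result of `None` from `is_affected` (branch aliases, pre-releases of a fixed version) means the installed code should be compared with the fixed release by hand.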