Summary
API Platform Core vulnerable to cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate
Full technical description
Exploitation conditions
Exploitation requires all of the following to coincide:
- The application exposes a resource via the JSON:API and/or HAL formats.
- At least one property of that resource uses
#[ApiProperty(security: ...)]with a predicate whose result depends on the current user (or on per-request state). - A request from a user for whom the predicate evaluates to
truepopulatescomponentsCachebefore a request from a user for whom the predicate evaluates tofalse, within the lifetime of the same PHP process. - The deployment uses a long-running PHP runtime that keeps the normalizer instance alive across requests (FrankenPHP worker mode, RoadRunner, Swoole, ReactPHP, etc.). With classic
php-fpmworkers the cache only survives the duration of a single request, which makes the issue much harder to observe in practice.
Workarounds
Override the JSON:API and HAL ItemNormalizer services to gate $context['cache_key'] with a resource-class security check, or avoid #[ApiProperty(security: ...)] on resources served as JSON:API or HAL until the patch is applied. Pinning the deployment to classic php-fpm workers also limits exposure since the cache does not survive across requests.
Credits
- Tillmann Baumgart (@tillmon), originally identified the broader cache-key gap and proposed moving
isCacheKeySafetoAbstractItemNormalizer. - Antoine Bluchet (@soyuka), extended the gate to JSON:API and HAL normalizers.
Impact
#[ApiProperty(security: ...)] is evaluated per request to decide whether a property is exposed. The componentsCache arrays in ApiPlatform\JsonApi\Serializer\ItemNormalizer and ApiPlatform\Hal\Serializer\ItemNormalizer are keyed on $context['cache_key'], which is set unconditionally before delegating to the parent normalizer. The component structure (attributes, relationships, links) computed for one request can therefore be reused for a subsequent request whose user has a different set of accessible properties. A user with lower privileges may end up seeing the structure of properties that the security predicate would otherwise have hidden for them.
This is the same vulnerability class as GHSA-428q-q3vv-3fq3 / CVE-2025-31485, which fixed only the GraphQL ItemNormalizer. The JSON:API and HAL paths were not addressed at the time.
CVE-2026-49858 has a CVSS score of 5.9 (Medium). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (4.1.29, 4.2.25, 4.3.8); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
- 4.1.29
- 4.2.25
- 4.3.8
All three branches receive patched releases of api-platform/core, api-platform/json-api, and api-platform/hal.
Frequently Asked Questions
- What is CVE-2026-49858? CVE-2026-49858 is a medium-severity security vulnerability in api-platform/core (composer), affecting versions >= 2.6.0, < 4.1.29. It is fixed in 4.1.29, 4.2.25, 4.3.8.
- How severe is CVE-2026-49858? CVE-2026-49858 has a CVSS score of 5.9 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which packages are affected by CVE-2026-49858?
api-platform/core(composer) (versions >= 2.6.0, < 4.1.29)api-platform/json-api(composer) (versions >= 4.0.0, < 4.1.29)api-platform/hal(composer) (versions >= 4.0.0, < 4.1.29)
- Is there a fix for CVE-2026-49858? Yes. CVE-2026-49858 is fixed in 4.1.29, 4.2.25, 4.3.8. Upgrade to this version or later.
- Is CVE-2026-49858 exploitable, and should I be worried? Whether CVE-2026-49858 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2026-49858 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-49858?
- Upgrade
api-platform/coreto 4.1.29 or later - Upgrade
api-platform/coreto 4.2.25 or later - Upgrade
api-platform/coreto 4.3.8 or later - Upgrade
api-platform/json-apito 4.1.29 or later - Upgrade
api-platform/json-apito 4.2.25 or later - Upgrade
api-platform/json-apito 4.3.8 or later - Upgrade
api-platform/halto 4.1.29 or later - Upgrade
api-platform/halto 4.2.25 or later - Upgrade
api-platform/halto 4.3.8 or later
- Upgrade