CVE-2026-49216: XSS in symfony/ux-autocomplete via unescaped AJAX response data
Affected versions Symfony versions >=2.2.0, =3.0.0, <3.1.0 of the Symfony UX Autocomplete component are affected by this security issue. The issue has been fixed in Symfony 2.36.0, 3.1.0. Description The Stimulus controller shipped…