diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index 2b31b70a208b..0a2d32c9f3f4 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -59,6 +59,10 @@ public function getConfigTreeBuilder(): TreeBuilder
             ->beforeNormalization()
                 ->always()
                 ->then(function ($v) {
+                    if (isset($v['hide_user_not_found']) && isset($v['expose_security_errors'])) {
+                        throw new InvalidConfigurationException('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');
+                    }
+
                     if (isset($v['hide_user_not_found']) && !isset($v['expose_security_errors'])) {
                         $v['expose_security_errors'] = $v['hide_user_not_found'] ? ExposeSecurityLevel::None : ExposeSecurityLevel::All;
                     }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
index 926abc5c7731..6904a21b1811 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
@@ -283,4 +283,18 @@ public static function provideHideUserNotFoundLegacyData(): iterable
         yield [['hide_user_not_found' => true], ExposeSecurityLevel::None, true];
         yield [['hide_user_not_found' => false], ExposeSecurityLevel::All, false];
     }
+
+    public function testCannotUseHideUserNotFoundAndExposeSecurityErrorsAtTheSameTime()
+    {
+        $processor = new Processor();
+        $configuration = new MainConfiguration([], []);
+
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');
+
+        $processor->processConfiguration($configuration, [static::$minimalConfig + [
+            'hide_user_not_found' => true,
+            'expose_security_errors' => ExposeSecurityLevel::None,
+        ]]);
+    }
 }