Another ugly fix for Mautic 3 instance is to replace the template Views:User:Security:ajax.html.php template
I encountered this error if the user has been logged out and I logged back in using ajax render login form.
I solved it by forcing complete refresh of login page which also regenerates the CSRF token:
<?php
$view->extend('MauticCoreBundle:Default:content.html.php');
$view['slots']->set('headerTitle', $view['translator']->trans('mautic.user.auth.expired.header'));
?>
<script type="text/javascript">
window.location.reload();
</script>
Hope it helps someone.
Regards, M.