5 matches found
DEBIAN-CVE-2026-46637
Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...
CVE-2026-46637
Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...
CVE-2026-46637
CVE-2026-46637 concerns Twig (PHP template engine). Before 3.26.0, the filters in twig/markdown-extra (html_to_markdown, markdown_to_html) and twig/cssinliner-extra (inline_css) were registered with is_safe => [all], causing their output to be treated as safe in contexts where escaping is requ...
Linux Distros Unpatched Vulnerability : CVE-2026-46637
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing...
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
More info at https://symfony.com/cve-2026-46637...