11 matches found
CVE-2026-48808
A flaw was found in Twig, a template language for PHP. The column filter in Twig fails to properly forward the active sandbox state, specifically the current Source to the SandboxExtension::checkPropertyAllowed function. This oversight results in the loss of SourcePolicyInterface decisions,...
CVE-2026-48805
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...
CVE-2026-48805
Twig vulnerability CVE-2026-48805: Affected: Twig (PHP template engine); issue arises before 3.27.0 in deprecated internal wrappers in src/Resources/core.php. Root cause: Sandbox state is not forwarded to CoreExtension::checkArrow(), arraySome(), and arrayEvery() when using legacy helpers twig_ch...
Incorrect Authorization
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization in the checkSecurity process. An attacker can execute unauthorized filters, tags, or functions by manipulating the sandbox state between render...
PT-2026-55213
Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.27.0 Description In the template language for PHP, the allow-list verdict for filters, tags, and functions is computed during the construction of a Template instance and cached. This allows a sandboxed render to reuse ...
GHSA-P42Q-9PRX-Q5WQ Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow to take a boolean $isSandboxed instead of an Environment, and added the same $isSandboxed argument to CoreExtension::arraySome and CoreExtension::arrayEvery. Compiled templates were updated to pass t...
Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow to take a boolean $isSandboxed instead of an Environment, and added the same $isSandboxed argument to CoreExtension::arraySome and CoreExtension::arrayEvery. Compiled templates were updated to pass t...
Incorrect Authorization
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated twigarraysome, twigarrayevery, and twigcheckarrowinsandbox helper functions. An attacker can bypass the sandbox callback...
CVE-2026-28479
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...
CVE-2026-28479
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...
Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
More info at https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php...