Lucene search
K

35 matches found

RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-48808

A flaw was found in Twig, a template language for PHP. The column filter in Twig fails to properly forward the active sandbox state, specifically the current Source to the SandboxExtension::checkPropertyAllowed function. This oversight results in the loss of SourcePolicyInterface decisions,...

6CVSS6AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-48808

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

6CVSS0.0026EPSS
Exploits0References3
CVE
CVE
added 2 days ago30 views

CVE-2026-48808

Twig’s CVE-2026-48808 describes a sandbox bypass when sandboxing is enabled via SourcePolicyInterface and the CoreExtension::column() filter is used. The issue arises because the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension...

6CVSS6.1AI score0.0026EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-46634 Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...

7.7CVSS0.00331EPSS
Exploits0References3
CVE
CVE
added 2 days ago43 views

CVE-2026-46634

CVE-2026-46634 affects Twig for PHP, where versions 3.9.0–3.26.0 allow template_from_string() to synthesize a name (string_template ) that can bypass a SourcePolicyInterface sandbox, enabling a sandboxed template to call template_from_string and include an inner template without security policy e...

9.8CVSS6.1AI score0.00331EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/30 6:43 p.m.4 views

GHSA-H8VQ-8GPG-MHCG Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

Description This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface and not the regular global sandbox mode. CoreExtension::column receives the active sandbox state via the needsissandboxed channel as a boolean...

6CVSS5.7AI score0.0026EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Ubuntu 26.04 LTS : Twig vulnerability (USN-8408-1)

The remote Ubuntu 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8408-1 advisory. It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute...

9.9CVSS6AI score0.00738EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 7:36 p.m.11 views

USN-8408-1 php-twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

9.9CVSS5.8AI score0.00738EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/08 7:36 p.m.13 views

USN-8408-1: Twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

9.9CVSS5.8AI score0.00738EPSS
Exploits0
OSV
OSV
added 2026/06/05 8:41 p.m.8 views

GHSA-2Q52-X2FF-QGFR Twig: Possible sandbox bypass when using a source policy

Description When using the sandbox with a SourcePolicyInterface, Twig does not always apply the sandbox restriction that forbids non-Closure callbacks for callback-accepting filters. The issue affects the sort, filter, map, and reduce filters. In the affected versions, the runtime check that...

8.8CVSS5.8AI score0.00738EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/05 8:41 p.m.18 views

Twig: Possible sandbox bypass when using a source policy

Description When using the sandbox with a SourcePolicyInterface, Twig does not always apply the sandbox restriction that forbids non-Closure callbacks for callback-accepting filters. The issue affects the sort, filter, map, and reduce filters. In the affected versions, the runtime check that...

9.9CVSS5.8AI score0.00738EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

9.9CVSS5.9AI score0.00738EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:32 p.m.9 views

CVE-2026-45042 RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 5:41 p.m.10 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the CoreExtension::column filter when sandboxing is enabled through SourcePolicyInterface. An attacker can bypass the sandbox property...

6CVSS5.9AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 9:25 p.m.7 views

GHSA-24X9-R6Q4-Q93W Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...

9.8CVSS6.1AI score0.00331EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/21 9:25 p.m.20 views

Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...

9.8CVSS6.1AI score0.00331EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42583

Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call template from string and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...

6.1AI score0.00331EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-24425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template...

9.9CVSS6AI score0.00738EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 2:16 p.m.6 views

DEBIAN-CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

9.9CVSS6.2AI score0.00738EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 2:16 p.m.10 views

CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

9.9CVSS0.00738EPSS
Exploits0References3
Rows per page
Query Builder