Lucene search
+L

9 matches found

cvelist
cvelist
added 2 days ago39 views

CVE-2026-48808 Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

6CVSS0.0026EPSS
Exploits0References3
github
github
added 2026/06/30 6:43 p.m.9 views

Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

Description This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface and not the regular global sandbox mode. CoreExtension::column receives the active sandbox state via the needsissandboxed channel as a boolean...

6CVSS5.7AI score0.0026EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/06/05 8:41 p.m.60 views

EUVD-2026-31113

Twig: Possible sandbox bypass when using a source policy...

9.9CVSS5.4AI score0.00738EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2026/05/20 2:16 p.m.10 views

CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

9.9CVSS6.2AI score0.00738EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/20 1:45 p.m.54 views

CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

8.8CVSS0.00738EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/20 1:45 p.m.8 views

CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

8.8CVSS6.2AI score0.00738EPSS
Exploits0References3
snyk
snyk
added 2026/05/20 9:41 a.m.8 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via callback validation for the sort, filter, map, and reduce filters when sandboxing is enabled through SourcePolicyInterface. An attacker can...

9.9CVSS6AI score0.00738EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/20 12:0 a.m.14 views

Twig 安全漏洞

Twig is an open-source PHP template engine developed by Twig contributors. Versions 2.16.x and 3.9.0 to 3.25.x of Twig contain security vulnerabilities. These vulnerabilities stem from sandbox bypasses when using the SourcePolicyInterface, allowing attackers to circumvent sandbox restrictions and...

9.9CVSS6AI score0.00738EPSS
Exploits0References1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.11 views

Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

More info at https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface...

6CVSS5.8AI score0.0026EPSS
Exploits0Affected Software1
Rows per page
Query Builder