4 matches found
CVE-2026-46639
Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...
CVE-2026-46639 Twig: Sandbox property and method bypass via object-destructuring assignment
Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...
Linux Distros Unpatched Vulnerability : CVE-2026-46639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument...
CVE-2026-46639
creationtimestamp| type| source ---|---|--- 2026-05-20 10:31:59+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbpb53e6r2y...