Lucene search
+L

4 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-46639

Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...

7.1CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-46639 Twig: Sandbox property and method bypass via object-destructuring assignment

Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...

7.1CVSS0.00351EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument...

7.1CVSS6.1AI score0.00351EPSS
Exploits0References2
Circl
Circl
added 2026/05/20 10:31 a.m.8 views

CVE-2026-46639

creationtimestamp| type| source ---|---|--- 2026-05-20 10:31:59+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbpb53e6r2y...

7.1CVSS5.8AI score0.00351EPSS
Exploits0References1
Rows per page
Query Builder