Lucene search
+L

5 matches found

redhatcve
redhatcve
added yesterday5 views

CVE-2026-46639

A flaw was found in Twig, a template language for PHP. An attacker with write access to a sandboxed Twig template can bypass security restrictions due to an issue in object-destructuring assignment. This allows them to read public properties or invoke public methods on objects, leading to...

7.1CVSS6AI score0.00354EPSS
Exploits0References2
nvd
nvd
added 2 days ago6 views

CVE-2026-46639

Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...

7.1CVSS0.00354EPSS
Exploits0References2
cve
cve
added 2 days ago19 views

CVE-2026-46639

Twig 3.24.0–3.26.0 contains a sandbox bypass in object-destructuring assignment: CoreExtension::getAttribute() is called with sandboxed flag set to false, bypassing security policy checks and allowing a sandboxed template to read public properties or call public getters on objects. The issue is f...

7.1CVSS6.1AI score0.00354EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2 days ago34 views

CVE-2026-46639 Twig: Sandbox property and method bypass via object-destructuring assignment

Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...

7.1CVSS0.00354EPSS
Exploits0References2
cve
cve
added 2 days ago20 views

CVE-2026-46635

Twig before 3.26.0 allows a sandbox bypass via the column filter (array_column on objects): when rendering with column in allowedFilters, object arrays passed to PHP’s array_column() read public and magic properties directly, bypassing SandboxExtension::checkPropertyAllowed(). This bypass occurs ...

5.3CVSS6.1AI score0.00371EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder