Lucene search
+L

4 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-46638

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

8.1CVSS0.0026EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 9:28 p.m.9 views

GHSA-7FXW-R6JV-74C8 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Description The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded-unwrap-checkSecurity call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

5.8CVSS5.8AI score0.0026EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/21 9:28 p.m.17 views

Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Description The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded-unwrap-checkSecurity call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

8.6CVSS5.8AI score0.00833EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42690

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description An issue exists where the % sandbox %% include ... %% endsandbox % tag path fails to re-invoke the checkSecurity function. If a template is loaded outside a sandbox within the same Environment...

6CVSS6.1AI score0.0026EPSS
Exploits0References15
Rows per page
Query Builder