52 matches found
CVE-2026-48808
A flaw was found in Twig, a template language for PHP. The column filter in Twig fails to properly forward the active sandbox state, specifically the current Source to the SandboxExtension::checkPropertyAllowed function. This oversight results in the loss of SourcePolicyInterface decisions,...
DEBIAN-CVE-2026-49981
Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...
CVE-2026-49981
Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...
CVE-2026-48808
Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...
CVE-2026-48807
Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...
CVE-2026-46634
Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...
CVE-2026-48807 Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...
CVE-2026-48806
Twig (PHP) prior to 3.27.0 is vulnerable to a Sandbox __toString() policy bypass via dynamic mapping keys in ArrayExpression. The issue allows a Stringable object used as a mapping key to invoke its __toString() without SandboxExtension::ensureToStringAllowed(), enabling potential data exposure a...
CVE-2026-48808
Twig’s CVE-2026-48808 describes a sandbox bypass in the Column filter: prior to 3.27.0, the active sandbox state was passed but the current Source was not forwarded to SandboxExtension::checkPropertyAllowed(), allowing access to properties not permitted by the sandbox policy. This affects Twig te...
CVE-2026-49981 Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`
Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...
CVE-2026-49981
Twig is a template language for PHP. CVE-2026-49981 affects Twig up to version 3.26.x, where the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can be cached after sandbox state changes between renders. This can allow a later sand...
Chromium: CVE-2026-14101 Insufficient policy enforcement in Sandbox
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
PT-2026-54376
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Sandbox allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a crafte...
PT-2026-54046
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...
CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...
SUSE CVE-2026-11282
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
Chromium: CVE-2026-11282 Policy bypass in Sandbox
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
DEBIAN-CVE-2026-11282
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11282
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11282
CVE-2026-11282 affects Google Chrome on Linux. The issue is insufficient policy enforcement in the Sandbox, potentially allowing a sandbox escape via a crafted HTML page on versions prior to 149.0.7827.53. The reported impact is a high-risk security bypass leading to full exposure of the host, wi...