CVE-2026-48807
Twig: The vulnerability CVE-2026-48807 affects Twig templates in PHP prior to 3.27.0 where sandbox __toString() checks do not fully cover Traversable values passed to join/replace filters or in/not in operators, allowing contained Stringable objects to be coerced to strings without sandbox policy...