2 matches found
CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
PT-2024-31614
Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.44.8; Twig versions prior to 2.16.1; Twig versions prior to 3.14.0
Description: Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox...