CVE-2026-46633
A flaw was found in Twig, a template language for PHP. This vulnerability occurs because the Compiler::string function does not properly escape single quotes when processing a template name from a % use % tag within a PHP single-quoted string literal. A remote attacker could craft a malicious...