| CVE-2026-46633 | critical | — | 9.5 | 8d ago | Twig: PHP code injection via `{% use %}` template name |
| CVE-2026-46639 | high | — | 8.0 | 8d ago | Twig: Sandbox property and method bypass via object-destructuring assignment |
| CVE-2026-46640 | high | — | 8.0 | 8d ago | Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation |
| CVE-2026-46634 | medium | — | 5.5 | 8d ago | Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name |
| CVE-2026-46638 | medium | — | 5.5 | 8d ago | Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) |
| CVE-2026-46635 | low | — | 2.5 | 8d ago | Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects) |
| CVE-2026-46628 | low | — | 2.5 | 8d ago | Twig: The `spaceless` filter implicitly marks its output as safe |