VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / twig/twig

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46633 critical 9.5 9d ago Twig: PHP code injection via `{% use %}` template name
CVE-2026-46634 medium 5.5 9d ago Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
CVE-2026-46638 medium 5.5 9d ago Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)