| CVE-2026-46633 | critical | — | 9.5 | 9d ago | Twig: PHP code injection via `{% use %}` template name |
| CVE-2026-24425 | high | 8.8 | 8.8 | 9d ago | Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH… |
| CVE-2026-46639 | high | — | 8.0 | 9d ago | Twig: Sandbox property and method bypass via object-destructuring assignment |
| CVE-2026-46640 | high | — | 8.0 | 9d ago | Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation |
| CVE-2015-7809 | medium | — | 6.8 | 11y ago | Twig remote code execution in templates |
| CVE-2026-46638 | medium | — | 5.5 | 9d ago | Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) |
| CVE-2026-46634 | medium | — | 5.5 | 9d ago | Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name |
| CVE-2026-46635 | low | — | 2.5 | 9d ago | Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects) |
| CVE-2026-46628 | low | — | 2.5 | 9d ago | Twig: The `spaceless` filter implicitly marks its output as safe |