PT-2026-32697 · October · October

Łukasz Rybak +1

Published: 2026-04-14 · Updated: 2026-04-19

CVE-2026-22692

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: October versions prior to 3.7.13; October versions 4.0.0 through 4.1.4.

Description: A sandbox bypass exists in the optional Twig safe mode feature (CMS SAFE MODE). Certain methods on the collect() helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. This issue only affects installations where CMS SAFE MODE is enabled (it is disabled by default) and requires authenticated backend access with CMS template editing permissions.

Recommendations: Update versions prior to 3.7.13 to 3.7.13. Update versions 4.0.0 through 4.1.4 to 4.1.5. Disable CMS SAFE MODE if untrusted template editing is not required. Restrict CMS template editing permissions to fully trusted administrators only.

Fix

Weakness Enumeration

Improper Access Control

Protection Mechanism Failure

Related Identifiers

CVE-2026-22692
GHSA-M5QG-JC75-4JP6

Affected Products

October