PT-2026-42168 · Twig · Twig
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Twig versions 2.16.x
Twig versions 3.9.0 through 3.25.x
Description
A sandbox bypass exists when using a
SourcePolicyInterface. This occurs because a runtime check fails to use the current template source, allowing attackers with template rendering capabilities to pass arbitrary PHP callables to the sort, filter, map, and reduce filters. This can lead to arbitrary code execution when the sandbox is enabled via a source policy instead of globally.Recommendations
Update Twig versions 2.16.x to a newer version containing the fix.
Update Twig versions 3.9.0 through 3.25.x to a newer version containing the fix.
Exploit
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Twig