CVE-2026-46637
LOW SEVERITYVulnerability Description
Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
twig/markdown-extra
External References
- https://github.com/twigphp/Twig/security/advisories/GHSA-jv8m-2544-3pg3
- https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/cssinliner-extra/CVE-2026-46637.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/markdown-extra/CVE-2026-46637.yaml
- https://symfony.com/cve-2026-46637
- https://github.com/advisories/GHSA-jv8m-2544-3pg3
Discussion (0)
Add Comment
No comments yet. Be the first!