CVE-2026-48807
MEDIUM SEVERITY
Vulnerability Description
Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
twig/twig
External References
- https://github.com/twigphp/Twig/security/advisories/GHSA-8x9c-rmqh-456c
- https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-48807.yaml
- https://github.com/twigphp/Twig/releases/tag/v3.27.0
- https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators
- https://github.com/advisories/GHSA-8x9c-rmqh-456c