Twig CVE-2026-46635
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (https://github.com/twigphp/Twig) · only source for this CVE.
CVSS VectorVendor: https://github.com/twigphp/Twig
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Description
The column filter passes its input straight to PHP's native array_column(). When the array elements are objects, array_column() reads $obj->$name (and $obj->$index) directly, including invoking __get/__isset. Because this property read happens entirely in PHP native code and never reaches CoreExtension::getAttribute(), SandboxExtension::checkPropertyAllowed() is never consulted.
An untrusted template author with column in their allowedFilters list can therefore read any public or magic property of any object reachable in the render context, regardless of the SecurityPolicy allowedProperties list. This is a variant of CVE-2024-51755 / GHSA-jjxq-ff2g-95vh that the ArrayAccess-focused fix did not cover.
Resolution
The column filter now routes object property reads through the sandbox-aware attribute accessor so the property allowlist is enforced.
Credits
Twig: would like to thank Claude Mythos Preview (via Project Glasswing) for reporting the issue and providing the fix.
AnalysisAI
Twig's sandbox security policy is bypassed via the column filter when processing arrays of PHP objects, allowing an untrusted template author to read any public or magic property of any object reachable in the render context - completely circumventing the SecurityPolicy's allowedProperties restrictions. All twig/twig versions prior to 3.26.0 are affected when sandbox mode is active and untrusted authors have column in their allowedFilters. This is a structural variant of CVE-2024-51755 that the prior ArrayAccess-focused fix left uncovered; no public exploit has been identified at time of analysis, and the fix is confirmed in Twig 3.26.0.
Technical ContextAI
Twig's sandbox mode enforces property access control through SandboxExtension::checkPropertyAllowed(), which is invoked exclusively via CoreExtension::getAttribute() - the standard Twig attribute accessor. The column filter (pkg:composer/twig/twig, all versions < 3.26.0) delegates directly to PHP's native array_column() function without routing through CoreExtension::getAttribute(). When the input array contains objects, PHP's array_column() reads $obj->$name and $obj->$index using the engine's own property resolution, including triggering __get and __isset magic methods. Because this entire read path executes inside PHP native code, it never reaches CoreExtension::getAttribute(), so SandboxExtension::checkPropertyAllowed() is never consulted. The root cause is classified as CWE-863 (Incorrect Authorization): the authorization gate exists but is bypassable via an alternative execution path. The fix in 3.26.0 routes object property reads from the column filter through the sandbox-aware attribute accessor, ensuring the allowedProperties list is enforced consistently. This mirrors the mechanism of CVE-2024-51755 (GHSA-jjxq-ff2g-95vh), which fixed an analogous bypass through ArrayAccess-implementing objects, but that patch addressed only the ArrayAccess branch and left the plain-object array_column() path unchecked.
RemediationAI
Upgrade twig/twig to version 3.26.0 or later, which is the vendor-released patch confirmed by the GitHub Security Advisory GHSA-vcc8-phrv-43wj (https://github.com/twigphp/Twig/security/advisories/GHSA-vcc8-phrv-43wj) and the FriendsOfPHP advisory database. Run composer update twig/twig and verify the installed version reaches 3.26.0. If immediate patching is not possible, remove column from the allowedFilters array in the sandbox SecurityPolicy configuration - this eliminates the attack vector entirely but will break any templates that rely on the column filter, requiring template modifications as a side effect. A second partial mitigation is to audit what objects are passed into the render context and strip or replace sensitive objects with plain-array representations before rendering untrusted templates; however, this is difficult to enforce comprehensively and is not a substitute for patching. Do not rely on the allowedProperties list alone as a security boundary on unpatched versions, as this CVE confirms it can be bypassed.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (C
Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection thro
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-vcc8-phrv-43wj