Skip to main content

Twig CVE-2026-48808

MEDIUM
Protection Mechanism Failure (CWE-693)
2026-06-30 https://github.com/twigphp/Twig GHSA-h8vq-8gpg-mhcg
6.0
CVSS 4.0 · Vendor: https://github.com/twigphp/Twig
Share

Severity by source

Vendor (https://github.com/twigphp/Twig) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

PR:L reflects required template authoring access; C:H because arbitrary restricted object properties are disclosed; no integrity or availability impact described.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/twigphp/Twig).

CVSS VectorVendor: https://github.com/twigphp/Twig

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
Jul 14, 2026 - 22:22 NVD
6.0 (MEDIUM)
Analysis Generated
Jun 30, 2026 - 19:25 vuln.today

DescriptionCVE.org

Description

This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface (and not the regular global sandbox mode).

CoreExtension::column() receives the active sandbox state via the needs_is_sandboxed channel as a boolean $isSandboxed, but then routes the per-element property reads through SandboxExtension::checkPropertyAllowed() without forwarding the current Source. SandboxExtension::checkPropertyAllowed() re-evaluates isSandboxed($source) internally; with $source = null the SourcePolicyInterface-driven decision is lost, the method short-circuits to "not sandboxed", and the property allowlist is never consulted.

A template author whose sandbox is gated by a SourcePolicyInterface and who has column on their allowedFilters list can therefore read any public or magic property of any object reachable in the render context, regardless of SecurityPolicy::$allowedProperties. Direct attribute access to the same property is blocked, and the same payload is also blocked under global sandbox mode, which makes this a clear policy enforcement gap rather than a configuration issue.

Resolution

CoreExtension::column() no longer goes through the SandboxExtension wrapper for the property check. It calls the security policy directly: the per-source decision is already captured by the $isSandboxed boolean computed at the call site, so the property allowlist is enforced consistently for both global and source-policy sandboxing.

Credits

Twig would like to thank Vincent55 Yang for reporting the issue and Fabien Potencier for providing the fix.

AnalysisAI

Sandbox property allowlist bypass in Twig's column filter allows template authors operating under SourcePolicyInterface-gated sandboxing to read any public or magic property of any object reachable in the render context, circumventing SecurityPolicy::$allowedProperties entirely. This is a residual bypass of CVE-2026-46635, exploitable only when three conditions coexist: SourcePolicyInterface-based sandbox mode, column present in allowedFilters, and attacker-controlled template authoring access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain template authoring access in target application
Delivery
Identify render-context object with sensitive public/magic properties
Exploit
Craft Twig template invoking column filter on that object
Execution
Twig passes null Source to checkPropertyAllowed()
Persist
SourcePolicyInterface decision discarded, allowlist skipped
Impact
Arbitrary property values returned in template output

Vulnerability AssessmentAI

Exploitation Exploitation requires all three of the following conditions to be simultaneously true: (1) The Twig sandbox must be configured using `SourcePolicyInterface` specifically - applications using the regular global sandbox mode are explicitly confirmed unaffected by the advisory; (2) `column` must appear in the `allowedFilters` list of the sandbox policy - if `column` is not permitted, the filter cannot be invoked and the bypass path is unreachable; (3) the attacker must have Twig template authoring access, meaning the ability to write or inject template content that the application will render. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS score or vector was provided for this CVE, so quantitative severity metrics must be inferred from the vulnerability description alone - this is a material data gap that should be noted. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with template authoring access in a multi-tenant application - such as a SaaS platform where end users can write Twig templates - crafts a template using the `column` filter against a collection that includes sensitive context objects (e.g., user records, configuration objects). Because `checkPropertyAllowed()` receives `$source = null`, the SourcePolicyInterface check is dropped and all public and magic properties of those objects are returned to the template output, disclosing data that the deploying application believed was restricted by its security policy. …
Remediation Upgrade Twig to v3.27.0 or later, available at https://github.com/twigphp/Twig/releases/tag/v3.27.0, where `CoreExtension::column()` calls the security policy directly rather than delegating through `SandboxExtension::checkPropertyAllowed()`, ensuring the per-source decision captured in `$isSandboxed` is consistently enforced for both global and source-policy sandboxing. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-48808 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy