Twig CVE-2026-48808
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
PR:L reflects required template authoring access; C:H because arbitrary restricted object properties are disclosed; no integrity or availability impact described.
Primary rating from Vendor (https://github.com/twigphp/Twig).
CVSS VectorVendor: https://github.com/twigphp/Twig
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Description
This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface (and not the regular global sandbox mode).
CoreExtension::column() receives the active sandbox state via the needs_is_sandboxed channel as a boolean $isSandboxed, but then routes the per-element property reads through SandboxExtension::checkPropertyAllowed() without forwarding the current Source. SandboxExtension::checkPropertyAllowed() re-evaluates isSandboxed($source) internally; with $source = null the SourcePolicyInterface-driven decision is lost, the method short-circuits to "not sandboxed", and the property allowlist is never consulted.
A template author whose sandbox is gated by a SourcePolicyInterface and who has column on their allowedFilters list can therefore read any public or magic property of any object reachable in the render context, regardless of SecurityPolicy::$allowedProperties. Direct attribute access to the same property is blocked, and the same payload is also blocked under global sandbox mode, which makes this a clear policy enforcement gap rather than a configuration issue.
Resolution
CoreExtension::column() no longer goes through the SandboxExtension wrapper for the property check. It calls the security policy directly: the per-source decision is already captured by the $isSandboxed boolean computed at the call site, so the property allowlist is enforced consistently for both global and source-policy sandboxing.
Credits
Twig would like to thank Vincent55 Yang for reporting the issue and Fabien Potencier for providing the fix.
AnalysisAI
Sandbox property allowlist bypass in Twig's column filter allows template authors operating under SourcePolicyInterface-gated sandboxing to read any public or magic property of any object reachable in the render context, circumventing SecurityPolicy::$allowedProperties entirely. This is a residual bypass of CVE-2026-46635, exploitable only when three conditions coexist: SourcePolicyInterface-based sandbox mode, column present in allowedFilters, and attacker-controlled template authoring access. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires all three of the following conditions to be simultaneously true: (1) The Twig sandbox must be configured using `SourcePolicyInterface` specifically - applications using the regular global sandbox mode are explicitly confirmed unaffected by the advisory; (2) `column` must appear in the `allowedFilters` list of the sandbox policy - if `column` is not permitted, the filter cannot be invoked and the bypass path is unreachable; (3) the attacker must have Twig template authoring access, meaning the ability to write or inject template content that the application will render. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS score or vector was provided for this CVE, so quantitative severity metrics must be inferred from the vulnerability description alone - this is a material data gap that should be noted. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with template authoring access in a multi-tenant application - such as a SaaS platform where end users can write Twig templates - crafts a template using the `column` filter against a collection that includes sensitive context objects (e.g., user records, configuration objects). Because `checkPropertyAllowed()` receives `$source = null`, the SourcePolicyInterface check is dropped and all public and magic properties of those objects are returned to the template output, disclosing data that the deploying application believed was restricted by its security policy. … |
| Remediation | Upgrade Twig to v3.27.0 or later, available at https://github.com/twigphp/Twig/releases/tag/v3.27.0, where `CoreExtension::column()` calls the security policy directly rather than delegating through `SandboxExtension::checkPropertyAllowed()`, ensuring the per-source decision captured in `$isSandboxed` is consistently enforced for both global and source-policy sandboxing. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-h8vq-8gpg-mhcg