CVE-2026-48808
14.07.2026, 22:17
Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed(), so SourcePolicyInterface decisions are lost and a template author can read public or magic properties not allowed by the sandbox policy. This issue is fixed in version 3.27.0.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Debian Releases
Common Weakness Enumeration