Auth bypass in Twigphp Twig

CVE-2026-48808

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed(), so SourcePolicyInterface decisions ar…

Affected products

Weakness classification (CWE)

References