Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-48805

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and arrayEvery(), allowing legacy calls such as twig_array_some(), twig_array_every(), and twig_check_arrow_in_sandbox() to bypass sandbox callable restrictions. This issue is fixed in version 3.27.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 19.5%
CVSS Severity


Contact Us

Shodan ® - All rights reserved