Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-48808

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed(), so SourcePolicyInterface decisions are lost and a template author can read public or magic properties not allowed by the sandbox policy. This issue is fixed in version 3.27.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 17.5%
CVSS Severity


Contact Us

Shodan ® - All rights reserved