CVE-2026-46638: CWE-693: Protection Mechanism Failure in twigphp Twig
Twig, a PHP template language, has a protection mechanism failure vulnerability prior to version 3.26.0. The issue involves the {% sandbox %}{% include %} tags allowing inclusion of templates loaded…
Read the full article2d agoen
You might also wanna read
Twig Template Engine Vulnerability Allows Sandbox Policy Bypass
A critical vulnerability in Twig versions 3.9.0 through 3.25.0 allows sandboxed templates to bypass security policy enforcement.
Xploitwire·3h ago
Critical PHP Injection Vulnerability Patched in Twig Template Engine
A critical vulnerability in Twig versions prior to 3.26.0 allows attackers to inject arbitrary PHP code via crafted template names in {% use
Xploitwire·3h ago

WAF - WAF Release - 2025-10-13
This week’s highlights include a new JinJava rule targeting a sandbox-bypass flaw that could allow malicious template input to escape execut
Cloudflare·9mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.