Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-8x9c-rmqh-456c | Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters |
Wed, 15 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the sandbox policy. This issue is fixed in version 3.27.0. | |
| Title | Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters | |
| Weaknesses | CWE-693 CWE-863 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-15T12:50:42.588Z
Reserved: 2026-05-22T20:57:10.975Z
Link: CVE-2026-48807
Updated: 2026-07-15T12:47:13.670Z
No data.
No data.
OpenCVE Enrichment
No data.
Github GHSA