« Twig » blog posts

Updates and new features of the Twig template language used in Symfony and PHP applications.

Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
May 20, 2026 #Twig
The `spaceless` filter implicitly marks its output as safe
May 20, 2026 #Twig
Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments
May 20, 2026 #Twig
PHP code injection via `{% use %}` template name
May 20, 2026 #Twig
`template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
May 20, 2026 #Twig
Sandbox does not protect against resource exhaustion
May 20, 2026 #Twig
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
May 20, 2026 #Twig
`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
May 20, 2026 #Twig
Sandbox property and method bypass via object-destructuring assignment
May 20, 2026 #Twig
Sandbox property allowlist bypass via the `column` filter (array_column on objects)
May 20, 2026 #Twig