GHSA-h8vq-8gpg-mhcg: Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
A vulnerability in twig/twig prior to version 3.27.0 allows a sandbox property allowlist bypass via the `column` filter when sandboxing is enabled through `SourcePolicyInterface`. This bypass permits a template author to read any public or magic property of objects in the render context, circumventing the intended property allowlist restrictions. The issue arises because the `column` filter improperly routes property checks, losing the sandbox source context and thus skipping allowlist enforcement. This vulnerability is a policy enforcement gap affecting only the `SourcePolicyInterface` sandbox mode, not the global sandbox mode.
AI Analysis
Technical Summary
The vulnerability (CVE-2026-48808) is a residual bypass of a previous issue (CVE-2026-46635) affecting twig/twig's sandboxing when enabled via `SourcePolicyInterface`. The `CoreExtension::column()` method receives a sandbox state boolean but delegates property access checks to `SandboxExtension::checkPropertyAllowed()` without forwarding the source context. This causes `checkPropertyAllowed()` to treat the source as null, bypassing the property allowlist enforced by `SecurityPolicy::$allowedProperties`. Consequently, template authors with `column` in their allowed filters can access any public or magic property of objects in the rendering context, violating sandbox restrictions. The issue does not affect the global sandbox mode and is fixed by having `CoreExtension::column()` call the security policy directly with the sandbox state, ensuring consistent enforcement.
Potential Impact
The vulnerability allows unauthorized read access to any public or magic property of objects accessible in the template rendering context when sandboxing is enabled via `SourcePolicyInterface`. This bypasses the intended property allowlist restrictions, potentially exposing sensitive data or internal state that should be protected by the sandbox. Direct attribute access and global sandbox mode remain protected, limiting the scope to specific sandbox configurations using `SourcePolicyInterface` and the `column` filter.
Mitigation Recommendations
Upgrade twig/twig to version 3.27.0 or later, where the vulnerability is fixed by changing `CoreExtension::column()` to call the security policy directly, preserving the sandbox source context and enforcing the property allowlist correctly. No other mitigation is required as this is a policy enforcement gap fixed in the official release. Patch status is confirmed by the versioning information provided.
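A post-upgrade regression check for the gap described above, added here as example code that is not part of the advisory or of Twig itself. It assumes twig/twig is installed via Composer and that `SandboxExtension` accepts a `SourcePolicyInterface` as its third constructor argument (Twig 3.10+); the `Account` class, the `SandboxEverything` policy and the token values are constructed for the check. On a fixed release the `column` filter must raise `SecurityNotAllowedPropertyError` for a property missing from the allowlist, exactly as direct attribute access does.

```php
<?php
// Added regression check (not Twig's own code): verifies that the `column` filter
// honours SecurityPolicy::$allowedProperties when sandboxing is enabled through
// a SourcePolicyInterface rather than global sandbox mode.
require __DIR__ . '/vendor/autoload.php'; // assumption: twig/twig installed via Composer

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityNotAllowedPropertyError;
use Twig\Sandbox\SecurityPolicy;
use Twig\Sandbox\SourcePolicyInterface;
use Twig\Source;

// Constructed context object: only `name` is meant to be readable from templates.
final class Account
{
    public function __construct(public string $name, public string $apiToken) {}
}

// Constructed source policy that sandboxes every template (the affected mode).
final class SandboxEverything implements SourcePolicyInterface
{
    public function enableSandbox(Source $source): bool { return true; }
}

$policy = new SecurityPolicy(
    [],                                   // allowed tags
    ['column', 'join'],                   // allowed filters: `column` is the filter under test
    [],                                   // allowed methods
    [Account::class => ['name']],         // allowed properties: apiToken deliberately absent
    []                                    // allowed functions
);

$twig = new Environment(new ArrayLoader([
    // Reads a property that is NOT on the allowlist, but through the column filter.
    'probe' => "{{ accounts|column('apiToken')|join(',') }}",
]));
$twig->addExtension(new SandboxExtension($policy, false, new SandboxEverything()));

$accounts = [new Account('alice', 'constructed-token-1'), new Account('bob', 'constructed-token-2')];

try {
    $out = $twig->render('probe', ['accounts' => $accounts]);
    // Vulnerable (< 3.27.0): the values come back and no SecurityError is raised.
    fwrite(STDERR, "FAIL: column filter returned a non-allowlisted property: $out\n");
    exit(1);
} catch (SecurityNotAllowedPropertyError $e) {
    // Fixed (>= 3.27.0): the allowlist is enforced for column as for direct access.
    echo "OK: {$e->getClassName()}::{$e->getPropertyName()} denied by sandbox policy\n";
    exit(0);
}
```

Run it with `php check-column-sandbox.php` in CI after the upgrade; a non-zero exit means the installed Twig still routes `column` around the allowlist.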
Technical Details
- Gcve Source: db.gcve.eu
- Osv Id: GHSA-h8vq-8gpg-mhcg
- Osv Schema Version: 1.4.0
- Aliases: ["CVE-2026-48808"]
- Ecosystems: ["Packagist"]
- Database Specific Severity: MODERATE
- Cvss Version: null
Threat ID: 6a4452e027e9c797198e107f
Added to database: 06/30/2026, 23:36:00 UTC
Last enriched: 06/30/2026, 23:46:55 UTC
Last updated: 06/30/2026, 23:46:55 UTC