UBUNTU-CVE-2026-46638
A vulnerability in the Twig PHP template engine prior to version 3.26.0 allows cached templates included within a sandbox to bypass security checks. This occurs because the checkSecurity() method is not re-invoked for templates previously loaded outside the sandbox, potentially permitting use of disallowed tags, filters, and functions. The issue is fixed in Twig version 3.26.0.
AI Analysis
Technical Summary
Twig versions prior to 3.26.0 contain a security flaw where the {% sandbox %}{% include %} construct can include a template cached from outside the sandbox without re-executing SecurityPolicy::checkSecurity(). This bypass allows the cached template to utilize tags, filters, and functions that should be restricted by the sandbox's security policy. The vulnerability is resolved in Twig 3.26.0 by ensuring checkSecurity() is properly invoked on included templates within the sandbox context.
Potential Impact
An attacker able to influence template inclusion could exploit this vulnerability to execute template code with elevated privileges within the sandbox, potentially bypassing intended security restrictions on tags, filters, and functions. This could lead to unauthorized code execution or information disclosure within the affected PHP application environment.
Mitigation Recommendations
This vulnerability is fixed in Twig version 3.26.0. Users should upgrade to version 3.26.0 or later to remediate this issue. No other mitigations are indicated. Patch status is confirmed fixed in 3.26.0. Check vendor advisories for updates relevant to your distribution and environment.
UBUNTU-CVE-2026-46638
Description
A vulnerability in the Twig PHP template engine prior to version 3.26.0 allows cached templates included within a sandbox to bypass security checks. This occurs because the checkSecurity() method is not re-invoked for templates previously loaded outside the sandbox, potentially permitting use of disallowed tags, filters, and functions. The issue is fixed in Twig version 3.26.0.
CVSS v4.0
Affected software
pkg:deb/ubuntu/[email protected]~esm2?arch=source&distro=esm-apps/focalpkg:deb/ubuntu/[email protected]+esm2?arch=source&distro=esm-apps/jammypkg:deb/ubuntu/[email protected]+esm1?arch=source&distro=esm-apps/noblepkg:deb/ubuntu/[email protected]?arch=source&distro=questingpkg:deb/ubuntu/[email protected]~esm1?arch=source&distro=esm-apps/resoluteRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Twig versions prior to 3.26.0 contain a security flaw where the {% sandbox %}{% include %} construct can include a template cached from outside the sandbox without re-executing SecurityPolicy::checkSecurity(). This bypass allows the cached template to utilize tags, filters, and functions that should be restricted by the sandbox's security policy. The vulnerability is resolved in Twig 3.26.0 by ensuring checkSecurity() is properly invoked on included templates within the sandbox context.
Potential Impact
An attacker able to influence template inclusion could exploit this vulnerability to execute template code with elevated privileges within the sandbox, potentially bypassing intended security restrictions on tags, filters, and functions. This could lead to unauthorized code execution or information disclosure within the affected PHP application environment.
Mitigation Recommendations
This vulnerability is fixed in Twig version 3.26.0. Users should upgrade to version 3.26.0 or later to remediate this issue. No other mitigations are indicated. Patch status is confirmed fixed in 3.26.0. Check vendor advisories for updates relevant to your distribution and environment.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- UBUNTU-CVE-2026-46638
- Osv Schema Version
- 1.7.0
- Aliases
- []
- Ecosystems
- ["Ubuntu:Pro:20.04:LTS","Ubuntu:Pro:22.04:LTS","Ubuntu:Pro:24.04:LTS","Ubuntu:25.10","Ubuntu:Pro:26.04:LTS"]
- Database Specific Severity
- null
- Cvss Version
- 4.0
Threat ID: 6a58b4a068715ace43da8d3a
Added to database: 07/16/2026, 10:38:24 UTC
Last enriched: 07/16/2026, 12:29:57 UTC
Last updated: 07/17/2026, 02:31:41 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.