CVE lookup
CVE-2026-24425
Pruva has a verified reproduction for CVE-2026-24425: Twig: sandbox bypass via SourcePolicy filter check enables arbitrary PHP callables. The canonical evidence record is REPRO-2026-00151.
REPRO
REPRO-2026-00151
Package
twig/twig · composer
Severity
HIGH
Status
published