Skip to content

GHSA lookup

GHSA-2Q52-X2FF-QGFR

Pruva has a verified reproduction for GHSA-2Q52-X2FF-QGFR: Twig: sandbox bypass via SourcePolicy filter check enables arbitrary PHP callables. The canonical evidence record is REPRO-2026-00151.

REPRO

REPRO-2026-00151

Package

twig/twig · composer

Severity

HIGH

Status

published