Listen to this Post
The vulnerability stems from the `October\Rain\Support\SafeCollection` class implementing the `CallsAnyMethod` interface, which instructs the `System\Twig\SecurityPolicy` to bypass the standard method allow‑listing for the collection object itself.
While `SafeCollection` attempts to filter arguments to prevent direct execution of callables, it does not block the `mapInto($class)` method.
`mapInto()` iterates over the collection and instantiates the provided class name: new $class($value, $key);.
An attacker can therefore instantiate any class known to the application.
Three exploitation paths exist:
- RCE – The security policy allow‑lists `__toString()` on all objects.
By instantiating `Psy\Readline\Hoa\Xcallable` (which wraps a callable) and wrapping it inside `GuzzleHttp\Psr7\FnStream` (which calls a user‑defined function in its `__toString` method), an attacker can trigger arbitrary PHP functions that require no arguments (e.g.,php_uname,phpinfo) simply by printing the object in Twig. - XXE – `SimpleXMLElement` accepts a libxml option flag as its second constructor argument.
`mapInto()` passes the collection key as the second argument.
By creating a collection with a key of `2` (i.e.,LIBXML_NOENT), external entity substitution is enabled, leading to XXE and the ability to read system files. - LFI – Instantiating `SplFileObject` with a file path and read mode (passed via
mapInto) returns a traversable file object.
Passing this object to the `collect()` helper triggers immediate iteration (via `iterator_to_array` inside the framework’s core), which bypasses the sandbox’s method blocking policy and allows reading any file the web server has access to.
The sandbox bypass is triggered only when `CMS_SAFE_MODE` is enabled (disabled by default) and the attacker has authenticated backend access with template editing permissions.
dailycve form
Platform: October CMS
Version: <=4.1.4,<=3.7.12
Vulnerability: Twig Sandbox Bypass
Severity: Moderate
date: Apr 14,2026
Prediction: Apr 15,2026
What Undercode Say:
Verify affected October CMS version
php artisan october:version | grep -E "October CMS v(3.|4.)"
Check if safe mode is enabled
grep CMS_SAFE_MODE .env | grep -i true
Twig payload (RCE) – execute php_uname
{% set clsX = 'Psy.Readline.Hoa.Xcallable'|replace({'.': '\'}) %}
{% set clsF = 'GuzzleHttp.Psr7.FnStream'|replace({'.': '\'}) %}
{% set x = collect({'': 'php_uname'}).mapInto(clsX).first() %}
{% set methods = {'__toString': x} %}
{% set f = collect([bash]).mapInto(clsF).first() %}
System Info: {{ f }}
Exploit:
Authenticated backend user with template editing privileges injects a Twig payload that abuses `collect()->mapInto()` to instantiate arbitrary classes (e.g., SimpleXMLElement, SplFileObject, `Xcallable` + FnStream), escaping the Twig sandbox and achieving RCE, LFI, or XXE.
Protection from this CVE:
- Upgrade to October CMS v4.1.5 or v3.7.13 immediately.
- If upgrading is not possible, disable `CMS_SAFE_MODE` in `.env` (
CMS_SAFE_MODE=false). - Restrict CMS template editing permissions to fully trusted administrators only.
Impact:
- Remote Code Execution (RCE): Execute arbitrary PHP functions (e.g.,
php_uname,phpinfo). - Local File Inclusion (LFI): Read any file the web server has access to (e.g.,
/etc/passwd,.env). - XXE Injection: Read system files via `SimpleXMLElement` with external entity substitution.
- Complete bypass of Twig sandbox protections when `CMS_SAFE_MODE` is enabled, allowing privilege escalation to system administrator level.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

