Twig, Sandbox Bypass, CVE-2026-24425 (Critical) -DC-Jun2026-93

Listen to this Post

Intro

CVE-2026-24425 is a sandbox bypass vulnerability affecting Twig versions 2.16.x and all versions from 3.9.0 through 3.25.x. Twig is a popular PHP templating engine that includes a sandbox feature to restrict template authors from executing arbitrary PHP code. The sandbox can be enabled globally or through a source policy (SourcePolicyInterface). This vulnerability specifically impacts installations using source‑policy based sandboxing rather than the global sandbox.
The issue resides in how Twig handles certain filters – sort, filter, map, and `reduce` – when a source policy is active. Internally, these filters accept PHP callables as arguments. Normally, the sandbox wraps the template compilation process and validates every function and method call against an allowed list. However, when the sandbox relies on a source policy, the runtime check that inspects callable arguments fails to reference the current template source. As a result, the sandbox bypasses validation for callables passed to these filters.
An attacker with template rendering capabilities can therefore pass arbitrary PHP callables (e.g., system, exec, eval) to any of the affected filters. Because the sandbox does not check the source of the template that defines the callable, the malicious callable is executed directly in the PHP runtime. This leads to arbitrary code execution (ACE) with the privileges of the web server.
The vulnerability is distinct from a global sandbox bypass because the global sandbox applies a uniform set of restrictions irrespective of the template source. Source policies allow different templates to have different sandbox rules. The flaw is that the runtime callable validation does not respect the template’s source origin, enabling an attacker to smuggle dangerous callables from an unprivileged context into a privileged one.
Twig maintainers have released patches in versions 3.25.1 and 2.16.1. Users of affected versions are strongly advised to upgrade immediately. No workarounds are available besides upgrading or disabling source policy sandboxing in favour of the global sandbox.

DailyCVE Form

Platform: Twig
Version: 2.16.x/3.9.0-3.25.x
Vulnerability: Sandbox Bypass
Severity: Critical
date: May 20, 2026

Prediction: June 15, 2026

What Undercode Say

Analytics show active exploitation attempts for CVE-2026-24425 in the wild. The following bash commands and code snippets demonstrate how to identify vulnerable Twig installations and verify the issue.

Check Twig version (composer)
composer show twig/twig | grep versions
Grep for source policy usage in codebase
grep -r "SourcePolicyInterface" /path/to/project
Exploit test (PoC) – mapping system call
echo '{{ [bash]|map("system", "id") }}' | php twig-cli
Monitor web server logs for suspicious template rendering
tail -f /var/log/nginx/access.log | grep -E "(sort|filter|map|reduce)"

Exploit

An attacker who can control template input (e.g., through user‑supplied variables or by editing a template file) can exploit the vulnerability by injecting a payload into one of the affected filters. Example:

{{ ["id"]|map("system") }}

When rendered, Twig executes `system(“id”)` even if the sandbox denies system. More advanced payloads can achieve a reverse shell or read sensitive files. Exploitation requires no special privileges beyond template editing rights.

Protection

  • Upgrade Twig to version 2.16.1 or 3.25.1 (or later).
  • If upgrading is not possible, disable source‑policy sandboxing and use the global sandbox instead.
  • Validate all user‑supplied template variables and avoid passing arbitrary callable names to templates.
  • Apply Web Application Firewall (WAF) rules that block HTTP requests containing suspicious Twig filter patterns (e.g., `|map(` or |filter().

Impact

  • Remote Code Execution (RCE) – Attacker can execute arbitrary PHP commands on the server.
  • Complete Sandbox Bypass – All sandbox restrictions are ineffective when a source policy is used.
  • Data Breach – Sensitive files (e.g., .env, configuration) can be read via system commands.
  • Privilege Escalation – The executed code runs with web server user privileges, potentially leading to further compromise.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top