Listen to this Post
The object-destructuring assignment syntax introduced in Twig 3.24.0 creates a call to `CoreExtension::getAttribute()` with the `$sandboxed` argument hardcoded to false. This happens regardless of whether a `SandboxExtension` is active, permanently disabling the sandbox’s property and method policy checks for every destructuring expression. The vulnerable code can be seen in ObjectDestructuringSetBinary::compile(), which emits:
CoreExtension::getAttribute($this->env, $this->source, ..., \Twig\Template::ANY_CALL, false, false, false, ...); // ^^^^^ // sandbox check never runs
In contrast, `GetAttrExpression::compile()` correctly passes $env->hasExtension(SandboxExtension::class). An attacker with write access to a sandboxed Twig template can therefore read any public property or invoke any public getter on objects passed to the template engine, bypassing `SecurityPolicy` restrictions. The attack requires only the `{% do %}` tag to be in allowedTags, which is a common configuration. The vulnerability was introduced in Twig 3.24.0 and affects versions up to 3.25.x. The fix was released in Twig 3.26.0, where the destructuring compiler now forwards the active sandbox flag to `getAttribute()` so property and method allowlists are enforced.
dailycve form:
Platform: Twig PHP
Version: 3.24.0-3.25.x
Vulnerability : Sandbox property bypass
Severity: High
date: 2026-05-20
Prediction: Patch expected 2026-05-20
Analytics under heading What Undercode Say:
Showing bash commands and codes related to the blog
Check installed Twig version composer show twig/twig | grep versions Update to patched version composer require twig/twig:^3.26.0 Verify patch is applied php -r "echo TWIG_VERSION;"
Exploit:
{ Vulnerable Twig template (sandboxed) }
{% do user %}
{% set { property: value } = user %}
{{ value }}
If `user` is an object with a sensitive `password` property, the above bypasses the sandbox and prints its value.
Protection from this CVE
Upgrade to Twig 3.26.0 or later. If immediate upgrade is impossible, backport the fix from commit c4c8f1d or remove the `{% do %}` tag from `allowedTags` as a temporary workaround.
Impact
Successful exploitation allows an attacker with write access to a sandboxed Twig template to read any public property or invoke any public getter on objects passed to the template engine, completely bypassing the sandbox’s security policy. This can lead to information disclosure of sensitive data (e.g., database credentials, API keys, PII) and potentially privilege escalation if getters perform sensitive operations.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow DailyCVE & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin
Pydantic AI, SSRF Cloud-Metadata Blocklist Bypass via IPv6 Transition Forms, CVE-2026-46678 (Moderate)
