Twig, Sandbox Bypass via Object Destructuring, CVE-2026-46639 (High)

Listen to this Post

The object-destructuring assignment syntax introduced in Twig 3.24.0 creates a call to `CoreExtension::getAttribute()` with the `$sandboxed` argument hardcoded to false. This happens regardless of whether a `SandboxExtension` is active, permanently disabling the sandbox’s property and method policy checks for every destructuring expression. The vulnerable code can be seen in ObjectDestructuringSetBinary::compile(), which emits:

CoreExtension::getAttribute($this->env, $this->source, ..., \Twig\Template::ANY_CALL, false, false, false, ...);
// ^^^^^
// sandbox check never runs

In contrast, `GetAttrExpression::compile()` correctly passes $env->hasExtension(SandboxExtension::class). An attacker with write access to a sandboxed Twig template can therefore read any public property or invoke any public getter on objects passed to the template engine, bypassing `SecurityPolicy` restrictions. The attack requires only the `{% do %}` tag to be in allowedTags, which is a common configuration. The vulnerability was introduced in Twig 3.24.0 and affects versions up to 3.25.x. The fix was released in Twig 3.26.0, where the destructuring compiler now forwards the active sandbox flag to `getAttribute()` so property and method allowlists are enforced.

dailycve form:

Platform: Twig PHP
Version: 3.24.0-3.25.x
Vulnerability : Sandbox property bypass
Severity: High
date: 2026-05-20

Prediction: Patch expected 2026-05-20

Analytics under heading What Undercode Say:

Showing bash commands and codes related to the blog

Check installed Twig version
composer show twig/twig | grep versions
Update to patched version
composer require twig/twig:^3.26.0
Verify patch is applied
php -r "echo TWIG_VERSION;"

Exploit:

{ Vulnerable Twig template (sandboxed) }
{% do user %}
{% set { property: value } = user %}
{{ value }}

If `user` is an object with a sensitive `password` property, the above bypasses the sandbox and prints its value.

Protection from this CVE

Upgrade to Twig 3.26.0 or later. If immediate upgrade is impossible, backport the fix from commit c4c8f1d or remove the `{% do %}` tag from `allowedTags` as a temporary workaround.

Impact

Successful exploitation allows an attacker with write access to a sandboxed Twig template to read any public property or invoke any public getter on objects passed to the template engine, completely bypassing the sandbox’s security policy. This can lead to information disclosure of sensitive data (e.g., database credentials, API keys, PII) and potentially privilege escalation if getters perform sensitive operations.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Previous

Pydantic AI, SSRF Cloud-Metadata Blocklist Bypass via IPv6 Transition Forms, CVE-2026-46678 (Moderate)

Scroll to Top