Listen to this Post
The CVE‑2026‑46635 vulnerability exists in Twig’s sandbox component and allows an attacker to bypass the property allowlist via the `column` filter.
The `column` filter internally calls PHP’s native `array_column()` function. When the input array contains objects, `array_column()` reads properties directly by accessing `$obj->$name` (and $obj->$index). This native property read triggers any `__get()` or `__isset()` magic methods defined on the object.
Crucially, because the property access occurs inside the PHP engine and never reaches Twig’s CoreExtension::getAttribute(), the sandbox’s `SandboxExtension::checkPropertyAllowed()` is never invoked. As a result, the security policy’s `allowedProperties` list is completely ignored.
An untrusted template author who has the `column` filter in their `allowedFilters` list can therefore read any public or magic property of any object reachable in the render context. This includes sensitive data such as database credentials, configuration values, or internal object state.
This vulnerability is a variant of CVE‑2024‑51755 (GHSA‑jjxq‑ff2g‑95vh). The earlier fix addressed the issue only for `ArrayAccess` objects, leaving the object‑property‑read case unpatched.
The resolution, included in Twig version 3.26.0, routes object property reads through a sandbox‑aware attribute accessor. This ensures that property accesses are subject to the same allowlist checks as other attribute accesses.
dailycve form
Platform: Twig
Version: <3.26.0
Vulnerability : Sandbox Property Bypass
Severity: Low
date: 2026‑05‑20
Prediction: Patch 2026‑05‑20
What Undercode Say:
Check installed Twig version composer show twig/twig | grep versions
// Example vulnerable template (sandbox enabled)
{% set objects = [user, admin] %}
{% set leaked = objects|column('database_password') %}
Test with a sandbox policy that would normally block access to 'database_password'
php -r "require 'vendor/autoload.php'; \$twig = new Twig\Environment(new Twig\Loader\ArrayLoader(['test' => '{{ users|column(\'database_password\') }}'])); \$twig->addExtension(new Twig\Extension\SandboxExtension(new Twig\Sandbox\SecurityPolicy([], [], [], [], []))); echo \$twig->render('test', ['users' => [new User()]]);"
// Secure configuration – remove 'column' from allowedFilters \$policy = new Twig\Sandbox\SecurityPolicy([], [], [], [], ['escape', 'date']);
Exploit:
An attacker with template editing privileges can inject a template that uses the `column` filter on an array of objects, reading properties that should be forbidden by the sandbox policy (e.g., {{ users|column('password') }}, {{ config|column('api_secret') }}).
Protection from this CVE
- Upgrade to Twig version 3.26.0 or later.
- Remove the `column` filter from the `allowedFilters` list in your sandbox policy.
- Restrict template author permissions to only trusted users.
- Apply input validation to reject templates containing the `column` filter until the upgrade is complete.
Impact:
Information disclosure of arbitrary object properties, potentially exposing sensitive data (credentials, internal state, configuration) and enabling privilege escalation or further attacks against the application.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

