PHP Template Language Twig Vulnerability in Multiple Versions
CVE-2026-47732
7.1HIGH
What is CVE-2026-47732?
A vulnerability in the Twig template language for PHP allows an attacker with access to a sandboxed template to exploit string coercion mechanisms. This can enable unauthorized invocation of the '__toString()' method on accessible objects, posing potential security risks by executing unintended code through various constructs, such as conditional expressions and comparison operators. The issue has been resolved in Twig version 3.26.0, which enforces more stringent checks on method invocations to enhance overall security.
Affected Version(s)
Twig < 3.26.0
