Sandbox `__toString()` policy bypass via dynamic mapping keys

PKSA-1tmc-rt7x-12w6 CVE-2026-48806

Affected package: twig/twig

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0

Reported by:
FriendsOfPHP/security-advisories