Search by 
PKSA-21g2-dzjv-sky5 Security Advisory
-
[MEDIUM] `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
PKSA-21g2-dzjv-sky5 CVE-2026-46634 GHSA-24x9-r6q4-q93w
Affected package: twig/twig
Affected version: >=3.9.0,<3.26.0
Reported by:
GitHub, FriendsOfPHP/security-advisories