Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

PKSA-2rbx-bjdx-4d4d CVE-2026-46629

Affected package: twig/intl-extra

Affected version: >=2.12.0,<3.0.0|>=3.0.0,<3.26.0

Reported by:
FriendsOfPHP/security-advisories