Security Advisories - PKSA-dpx1-78wg-1kqs - Packagist.org

PKSA-dpx1-78wg-1kqs Security Advisory

[HIGH] Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

PKSA-dpx1-78wg-1kqs CVE-2026-47732 GHSA-pr2w-4gpj-cpq4

Affected package: twig/twig

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0

Reported by:
GitHub, FriendsOfPHP/security-advisories