Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

PKSA-fbvq-z33h-r2np CVE-2026-48808

Affected package: twig/twig

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0

Reported by:
FriendsOfPHP/security-advisories