Possible sandbox bypass when using a source policy

PKSA-gw7n-z4yx-7xjt CVE-2026-24425

Affected package: twig/twig

Affected version: >=2.16.0,<3.0.0|>=3.9.0,<3.26.0

Reported by:
FriendsOfPHP/security-advisories