Security Advisories - PKSA-h8hf-ytnd-5t9q - Packagist.org

PKSA-h8hf-ytnd-5t9q Security Advisory

[CRITICAL] PHP code injection via `{% use %}` template name

PKSA-h8hf-ytnd-5t9q CVE-2026-46633 GHSA-7p85-w9px-jpjp

Affected package: twig/twig

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0

Reported by:
GitHub, FriendsOfPHP/security-advisories