Sandbox property and method bypass via object-destructuring assignment

PKSA-hgmw-wn4d-hpcy CVE-2026-46639

Affected package: twig/twig

Affected version: >=3.24.0,<3.26.0

Reported by:
FriendsOfPHP/security-advisories