[HIGH] Sandbox property and method bypass via object-destructuring assignment

PKSA-hgmw-wn4d-hpcy CVE-2026-46639 GHSA-mm6w-gr99-p3jj

Affected package: twig/twig

Affected version: >=3.24.0,<3.26.0

Reported by:
GitHub, FriendsOfPHP/security-advisories