XSS in profiler HtmlDumper via unescaped template and profile names

PKSA-wwb1-81rc-pd65 CVE-2026-47730

Affected package: twig/twig

Affected version: >=3.0.0,<3.26.0

Reported by:
FriendsOfPHP/security-advisories