Twig Sandbox Bypass via Object Destructuring Assignment (CVE-2026-46639)
A vulnerability in Twig versions 3.24.0 to 3.26.0 (CVE-2026-46639) allows an attacker with write access to a sandboxed Twig template to bypass security policy restrictions by exploiting object-destructuring assignment to read any public property or invoke any public getter on objects passed to the template engine.
Twig versions 3.24.0 to 3.26.0 contain a sandbox bypass vulnerability (CVE-2026-46639) due to the object-destructuring assignment syntax introduced in version 3.24.0. This syntax generates a call to CoreExtension::getAttribute() with the $sandboxed argument hardcoded to false, effectively disabling property and method policy checks. An attacker with write access to a sandboxed Twig template can exploit this to read any public property or invoke any public getter on objects passed to the template engine, bypassing the intended SecurityPolicy restrictions. The exploit requires only the {% do %} tag to be in allowedTags, a common configuration in many Twig deployments. This bypass allows attackers to potentially gain sensitive information or execute arbitrary code depending on the objects passed to the template.
Attack Chain
- An attacker gains write access to a Twig template file within a sandboxed environment.
- The attacker injects a Twig template containing an object-destructuring assignment expression, such as `{% set { foo, bar } = my_object %}`.
- The Twig template engine parses and compiles the modified template.
- During compilation, the `ObjectDestructuringSetBinary::compile()` function is invoked. `ObjectDestructuringSetBinary::compile()` generates a call to `CoreExtension::getAttribute()` with the `$sandboxed` argument set to `false`.
- When the template is rendered, the `getAttribute()` function is executed without enforcing the sandbox's property and method access restrictions.
- The attacker is able to read public properties and invoke public getters of `my_object` that would normally be blocked by the `SecurityPolicy`.
- The attacker leverages the ability to access sensitive data or trigger unintended behavior, potentially escalating privileges or gaining further access to the system.
Impact
Successful exploitation of this vulnerability (CVE-2026-46639) allows attackers to bypass the Twig sandbox, potentially leading to information disclosure or arbitrary code execution. The number of affected installations is unknown, but any Twig application using versions 3.24.0 to 3.26.0 with a sandboxed environment is vulnerable if an attacker can modify the template files. The primary impact is a loss of confidentiality and integrity within the application, as attackers can access sensitive data or modify application behavior.
Recommendation
- Upgrade to Twig version 3.26.0 or later to patch CVE-2026-46639.
- Implement strict access controls to prevent unauthorized modification of Twig template files.
- Deploy the Sigma rule `Detect Twig Sandbox Bypass via getAttribute` to detect exploitation attempts based on the vulnerable `getAttribute()` calls.
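The Sigma rule above works on the compiled `getAttribute()` calls; the same condition can also be hunted for at the template-source level, before a template is ever rendered. The following scanner is an added example, not code from the advisory or from the Twig project: it flags `set` and `do` tags whose left-hand side is a brace group (the destructuring form shown in the attack chain) while leaving ordinary hash literals on the right-hand side alone. The sample template and file paths are constructed for illustration.

```python
import re
from pathlib import Path
from typing import Iterable, List, Tuple

# One Twig tag block, including whitespace-control forms ({%- ... -%}).
TAG_RE = re.compile(r"\{%-?\s*(?P<tag>[A-Za-z_]\w*)(?P<body>.*?)-?%\}", re.DOTALL)

# Object-destructuring assignment: a brace group on the LEFT of a single '='.
# A hash literal on the right, e.g. {% set cfg = { a: 1 } %}, does not match.
DESTRUCTURE_RE = re.compile(r"^\s*\{[^{}]*\}\s*=(?!=)")

# The advisory's example uses {% set %}; {% do %} is the tag the exploit needs
# in allowedTags, so both are inspected.
SUSPECT_TAGS = ("set", "do")


def find_destructuring_assignments(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, tag_name, normalized_tag_text) for each set/do tag
    whose body starts with an object-destructuring pattern."""
    hits = []
    for m in TAG_RE.finditer(source):
        if m.group("tag") not in SUSPECT_TAGS:
            continue
        if DESTRUCTURE_RE.match(m.group("body")):
            line = source.count("\n", 0, m.start()) + 1
            hits.append((line, m.group("tag"), " ".join(m.group(0).split())))
    return hits


def scan_files(paths: Iterable[Path]) -> List[Tuple[str, int, str, str]]:
    """Scan template files on disk; returns (path, line, tag, text) tuples."""
    findings = []
    for path in paths:
        text = path.read_text(encoding="utf-8", errors="replace")
        for line, tag, snippet in find_destructuring_assignments(text):
            findings.append((str(path), line, tag, snippet))
    return findings


# Constructed sample (not from the advisory): two benign tags, one hash literal
# on the right-hand side, and the destructuring form the advisory describes.
SAMPLE_TEMPLATE = """{% set cfg = { debug: false } %}
{% do my_object.touch() %}
<p>{{ cfg.debug }}</p>
{%- set { foo, bar } = my_object -%}
"""

if __name__ == "__main__":
    for line, tag, snippet in find_destructuring_assignments(SAMPLE_TEMPLATE):
        print(f"line {line}: {{% {tag} %}} destructuring assignment: {snippet}")
```

To sweep a real template tree, call `scan_files(Path("templates").rglob("*.twig"))` (the directory name is a placeholder) and review every finding, since a legitimate use of the syntax in a sandboxed template still carries the unsandboxed `getAttribute()` call on affected versions.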
Detection coverage
Detect Twig Sandbox Bypass via getAttribute
Severity: high. Detects CVE-2026-46639 exploitation: calls to `CoreExtension::getAttribute` with the `$sandboxed` argument set to `false`, indicating a potential sandbox bypass.