{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/twig-project/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Twig (\u003c= 3.26.0)"],"_cs_severities":["high"],"_cs_tags":["twig","vulnerability","sandbox-bypass","web-application","rce"],"_cs_type":"advisory","_cs_vendors":["Twig Project"],"content_html":"\u003cp\u003eA critical vulnerability (CVE-2026-49981) has been identified in the Twig templating engine, specifically affecting versions up to 3.26.0. This flaw allows an attacker to bypass the security sandbox's filter, tag, and function allow-lists in applications utilizing long-lived worker environments (e.g., FrankenPHP, RoadRunner, Symfony Messenger consumers). The core issue stems from the \u003ccode\u003echeckSecurity()\u003c/code\u003e method, which governs template security, being invoked only once during a template's initial construction and caching. If the application later changes its sandbox state—such as enabling or disabling the sandbox, or altering the security policy—a previously cached \u003ccode\u003eTemplate\u003c/code\u003e instance retains its initial, potentially less restrictive, security verdict. This oversight allows an attacker to execute arbitrary code or functions that should be prohibited within a sandboxed environment, presenting a significant risk for server-side template injection leading to remote code execution.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access / Malicious Template Injection\u003c/strong\u003e: An attacker identifies a web application feature that allows the submission or modification of Twig templates, such as a custom theme editor, report generator, or CMS, typically achieved via an exploit in another component or a legitimate feature misused.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNon-Sandboxed Pre-Rendering\u003c/strong\u003e: The attacker crafts a malicious Twig template and arranges for the vulnerable application to render it (or a part of it, like a shared layout) in an initially \u003cem\u003enon-sandboxed\u003c/em\u003e context.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTemplate Caching with Permissive Verdict\u003c/strong\u003e: Twig processes this non-sandboxed template, creating and caching a \u003ccode\u003eTemplate\u003c/code\u003e instance. The built-in \u003ccode\u003echeckSecurity()\u003c/code\u003e method is invoked, recording a permissive security verdict due to the non-sandboxed environment.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSandbox State Transition\u003c/strong\u003e: The application's environment later transitions to a \u003cem\u003esandboxed\u003c/em\u003e state, either through \u003ccode\u003eenableSandbox()\u003c/code\u003e/\u003ccode\u003edisableSandbox()\u003c/code\u003e calls or a change in the \u003ccode\u003eSecurityPolicy\u003c/code\u003e for subsequent template renders.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCached Template Reuse\u003c/strong\u003e: The application attempts to render the \u003cem\u003esame previously cached \u003ccode\u003eTemplate\u003c/code\u003e instance\u003c/em\u003e (e.g., through an \u003ccode\u003eextends\u003c/code\u003e, \u003ccode\u003euse\u003c/code\u003e, \u003ccode\u003einclude\u003c/code\u003e, or \u003ccode\u003eimport\u003c/code\u003e statement) in this now-sandboxed context.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSecurity Policy Bypass\u003c/strong\u003e: Due to the vulnerability, the cached \u003ccode\u003eTemplate\u003c/code\u003e instance reuses its initial, permissive security verdict for filters, tags, and functions, effectively bypassing the newly active sandbox \u003ccode\u003eSecurityPolicy\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eArbitrary Code Execution\u003c/strong\u003e: The malicious template then executes functions or uses filters/tags that would normally be blocked by the sandbox, leading to arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact\u003c/strong\u003e: Successful exploitation allows for remote code execution, data exfiltration, and potential full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability poses a significant risk to web applications using Twig in environments where the sandbox state can change dynamically, particularly in long-lived workers like those found in FrankenPHP, RoadRunner, or Symfony Messenger consumers. A successful exploitation of CVE-2026-49981 can lead to arbitrary code execution on the affected server, enabling attackers to fully compromise the host system, exfiltrate sensitive data, or install further malicious software. While specific victim counts are not available, Twig is a widely used templating engine across various PHP applications, making many organizations potentially susceptible if their deployments meet the vulnerable configuration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2026-49981 immediately\u003c/strong\u003e by upgrading \u003ccode\u003ecomposer/twig/twig\u003c/code\u003e to a version greater than 3.26.0. This addresses the core vulnerability.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReview your application's Twig usage\u003c/strong\u003e to ensure \u003ccode\u003eEnvironment\u003c/code\u003e instances are properly isolated and not shared between sandboxed and non-sandboxed contexts, especially in long-lived worker processes, as described in this brief.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:40:14Z","date_published":"2026-07-03T12:40:14Z","id":"https://feed.craftedsignal.io/briefs/2026-07-twig-sandbox-bypass/","summary":"A high-severity vulnerability, CVE-2026-49981, in the Twig templating engine allows for a sandbox bypass when the sandbox state changes between renders for a cached `Template` instance, enabling the execution of otherwise restricted filters, tags, and functions in sandboxed contexts.","title":"Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`","url":"https://feed.craftedsignal.io/briefs/2026-07-twig-sandbox-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Twig Project","version":"https://jsonfeed.org/version/1.1"}