CVE-2026-24425— Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-24425
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
Source: NVD (National Vulnerability Database)
Vulnerability Description
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
保护机制失效
Source: NVD (National Vulnerability Database)
Vulnerability Title
Twig 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Twig是Twig开源的一个PHP模板引擎。 Twig 2.16.x版本和3.9.0至3.25.x版本存在安全漏洞,该漏洞源于使用SourcePolicyInterface时沙箱绕过,可能导致攻击者绕过沙箱限制并执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-24425
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 9003 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-24425
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-24425 (2)
Vendor Pages for CVE-2026-24425 (1)
IV. Related Vulnerabilities
Same product: Twig
- CVE-2025-24374
Twig fixes a security issue where escaping was missing when - CVE-2024-51754
Unguarded calls to __toString() when nesting an object into - CVE-2024-51755
Unguarded calls to __isset() and to array-accesses when the - CVE-2024-45411
Twig has a possible sandbox bypass - CVE-2022-39261
Twig may load a template outside a configured directory when
Same vendor: twigphp
- CVE-2025-24374
Twig fixes a security issue where escaping was missing when - CVE-2024-51754
Unguarded calls to __toString() when nesting an object into - CVE-2024-51755
Unguarded calls to __isset() and to array-accesses when the - CVE-2024-45411
Twig has a possible sandbox bypass - CVE-2022-39261
Twig may load a template outside a configured directory when
Same weakness: CWE-693
V. Comments for CVE-2026-24425
No comments yet