{"data":{"id":"03e65aea-7dd1-4c52-af76-30083794fe9a","title":"GHSA-7p85-w9px-jpjp: Twig: PHP code injection via `{% use %}` template name","summary":"Twig (a PHP template engine) does not properly escape the template name in a `{% use %}` tag when it compiles a template to PHP, so a crafted name can break out of the surrounding PHP string and inject arbitrary PHP code that executes when the cached template is loaded. Because the injected code runs as plain PHP, it bypasses Twig's security sandbox, giving attackers remote code execution (the ability to run commands on the server).","solution":"Upgrade to twig/twig 3.26.0 or later. In the fixed release, `Compiler::string()` escapes single quotes in addition to the characters it previously escaped, preventing template names from breaking out of the surrounding PHP string context.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-7p85-w9px-jpjp","publishedAt":"2026-05-21T21:24:53.000Z","cveId":"CVE-2026-46633","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["twig/twig@< 3.26.0 (fixed: 3.26.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Twig","Symfony","LangChain (indirect via Twig dependency)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-21T21:24:53.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}