CVE-2026-46639: Twig: Sandbox property and method bypass via object-destructuring assignment

May 21, 2026

The object-destructuring assignment syntax introduced in Twig 3.24.0 generates a call to CoreExtension::getAttribute() with the $sandboxed argument hardcoded to false, regardless of whether a SandboxExtension is active. This permanently disables the sandbox’s property and method policy checks for every destructuring expression.

ObjectDestructuringSetBinary::compile() emits:

CoreExtension::getAttribute($this->env, $this->source, ..., \Twig\Template::ANY_CALL, false, false, false, ...);
//                                                                                ^^^^^
//                                                                       sandbox check never runs

Whereas GetAttrExpression::compile() correctly passes $env->hasExtension(SandboxExtension::class).

An attacker with write access to a sandboxed Twig template can read any public property or invoke any public getter on objects passed to the template engine, bypassing SecurityPolicy restrictions. The exploit requires only the {% do %} tag to be in allowedTags, which is a common configuration.

References

Code Behaviors & Features

Detect and mitigate CVE-2026-46639 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →