CVE-2026-46633 - Twig: PHP code injection via `{% use %}` template name
CVE ID :CVE-2026-46633 Published : July 14, 2026, 10:16 p.m. | 17 minutes ago Description :Twig is a template language for PHP. Prior to 3.26.0, Compiler::string() does not escape single quotes when a template name from a {% use %} tag is placed inside a PHP single-quoted string literal,...