Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Debian Trixie php-twig Important Code Injection Fixes DSA-6311-1

debian
Calendar Grey May 29, 2026
Debian Logo
Debian DSA-6311-1 details multiple vulnerabilities in php-twig including code injection and cross-site scripting fixes.
Multiple security vulnerabilities were discovered in Twig, a template engine for PHP, which could result in PHP code injection, sandbox bypass or cross-site scripting

Summary

For the stable distribution (trixie), these problems have been fixed in
version 3.27.0-0+deb13u1.

We recommend that you upgrade your php-twig packages.

For the detailed security status of php-twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-twig

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
important
Lowest
Low
Medium
High
Critical

Package: php-twig
CVE ID: CVE-2026-24425 CVE-2026-46627 CVE-2026-46628 CVE-2026-46629

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here