CVE-2026-46637

LOWPre-NVD 0.0
0.0
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • No confirmed exploitation signals yet
CISA-KEV: Not listedEPSS: 0%CVSS: Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

Twig: HTML-output filters in twig/* extras incorrectly declared is_safe => ['all']

Description

Several filters in the twig/* extras packages are registered with is_safe => ['all'], which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of these filters is plain text or HTML markup, neither of which is safe in every escaping context.

Affected filters:

  • html_to_markdown (twig/markdown-extra) emits plain Markdown text. league/html-to-markdown decodes HTML entities when producing code spans and fenced blocks, so an attacker-controlled <img src=x onerror=alert(1)> becomes ` , which renders live when interpolated into an HTML page.
  • markdown_to_html (twig/markdown-extra) emits HTML. Safe in an HTML context but not in JS, CSS or URL contexts (e.g. when interpolated into an inline block).
  • inline_css (twig/cssinliner-extra) emits HTML with inlined styles. Same constraint as markdown_to_html.

In all three cases, is_safe => ['all'] causes the autoescaper to emit the output verbatim in any context, even when the developer never wrote |raw. In a context such as a JS string or a URL parameter, this produces unescaped HTML and is exploitable as XSS.

Resolution

  • html_to_markdown no longer claims to be safe in any escaping context; its plain-text output is now autoescaped for the surrounding context.
  • markdown_to_html and inline_css are now declared is_safe => ['html'], asserting only what they actually guarantee.

Credits

Twig would like to thank Claude Mythos Preview (via Project Glasswing) for reporting the issue and providing the fix for html_to_markdown and markdown_to_html in twig/markdown-extra, and Christophe Coevoet for extending the audit to inline_css in twig/cssinliner-extra`.

CVSS v3
EG Score
0.0(none)
EPSS
19.1%
KEV
Not listed

Published

May 21, 2026

Last Modified

May 21, 2026

Vendor Advisories for CVE-2026-46637(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Affected Packages

(2 across 1 ecosystem)
Packagist(2)
PackageVulnerable rangeFixed inDependents
twig/cssinliner-extrav2.12.0 ... v3.9.0 (55 versions)3.26.0
twig/markdown-extrav2.12.0 ... v3.9.0 (60 versions)3.26.0

Data Freshness Timeline

(refreshed 0× in last 7d / 4× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-06-14 23:18 UTCEPSS rescore
  2. 2026-06-14 02:55 UTCEG score recompute
  3. 2026-06-13 23:00 UTCEPSS rescore
  4. 2026-06-12 23:12 UTCEPSS rescore
  5. 2026-05-24 06:10 UTCEG score recompute

Frequently asked(4)

What is CVE-2026-46637?
CVE-2026-46637 is a low vulnerability published on May 21, 2026. Twig: HTML-output filters in twig/* extras incorrectly declared is_safe => ['all'] Description Several filters in the twig/* extras packages are registered with is_safe => ['all'], which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of…
When was CVE-2026-46637 disclosed?
CVE-2026-46637 was first published in the National Vulnerability Database on May 21, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-46637 actively exploited?
CVE-2026-46637 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 19.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
How do I remediate CVE-2026-46637?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-46637, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-46637

Explore →

Is Your Infrastructure Affected by CVE-2026-46637?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.