Intel

AIKIDO-2026-910211

cakephp/twig-view is vulnerable to Path Traversal

Path TraversalCVE-2026-59191 Published 3 days ago

59

Medium Risk

This Affects:

PHPcakephp/twig-view
1.0.1 - 1.3.2
Fixed in 1.3.3
2.0.0 - 2.1.1
Fixed in 2.1.2
Are you affected? Scan for Free

TL;DR

The FileLoader::findTemplate() method resolves template names for the include and extends tags without confining the resolved path to the allowed template directories. When an application passes user-controlled data as a template name, the loader can resolve paths outside the intended template roots and read arbitrary files on the server. The file contents are then returned through the template engine, exposing sensitive server files. The fix restricts template resolution to the configured template and plugin paths and rejects names that resolve outside them.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application passes user-controlled data to the include or extends tags.

Background info

cakephp/twig-view is vulnerable to Path Traversal in versions 1.0.1 - 1.3.2 and 2.0.0 - 2.1.1.

How to fix this

Upgrade the cakephp/twig-view library to the patch version.