Twig 3.26.0 is a security release fixing 13 advisories, with two rated critical, three high, four medium, and four low. Almost all of them target the sandbox, the component that lets applications run untrusted templates under an explicit allow-list of tags, filters, functions, properties, and methods. All users running untrusted templates through the sandbox should upgrade immediately.