CVE-2026-23968

5.5 MEDIUM

📋 TL;DR

This vulnerability in Copier allows safe templates to include arbitrary files/directories outside the local template clone location using symlinks with the default '_preserve_symlinks: false' setting. This affects users who generate projects from templates with Copier versions before 9.11.2, potentially leading to unauthorized file access.

💻 Affected Systems

Products:
  • Copier
Versions: All versions prior to 9.11.2
Operating Systems: All platforms where Copier runs
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists with default '_preserve_symlinks: false' setting when using templates marked as 'safe'.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could craft a malicious template that reads sensitive system files or writes to critical directories, potentially leading to data exfiltration or system compromise.

🟠 Likely Case

Template creators could inadvertently or maliciously include files outside the intended template scope, leading to unintended file access or modification during project generation.

🟢 If Mitigated

With proper template vetting and security controls, the risk is limited to accidental file inclusion rather than malicious exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires creating or modifying a template with symlinks, but the technique is straightforward once understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.11.2

Vendor Advisory: https://github.com/copier-org/copier/security/advisories/GHSA-xjhm-gp88-8pfx

Restart Required: No

Instructions:

1. Update Copier using pip: 'pip install --upgrade "copier>=9.11.2"' (quote the version specifier so the shell does not treat '>=' as an output redirection)
2. Verify the installation with 'copier --version'
3. Regenerate any projects created with vulnerable versions if they were generated from untrusted templates.

🔧 Temporary Workarounds

Set _preserve_symlinks to true (applies to: all)

Force symlink preservation in the template configuration to prevent the bypass: set '_preserve_symlinks: true' in your template's copier.yml

Use only trusted templates (applies to: all)

Only generate projects from templates you have fully reviewed and trust

🧯 If You Can't Patch

  • Only use templates from trusted sources that you have manually reviewed for symlink usage
  • Audit all existing templates for symlinks pointing outside template directories

🔍 How to Verify

Check if Vulnerable:

Check if Copier version is below 9.11.2: 'copier --version'

Check Version:

copier --version

Verify Fix Applied:

Confirm version is 9.11.2 or higher: 'copier --version' should show >=9.11.2

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns during template rendering
  • Symlink resolution errors in Copier logs

Network Indicators:

  • N/A - local file system vulnerability

SIEM Query:

Search for process executions of 'copier' with file access patterns to sensitive directories
