CVE-2026-23968
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Description
### Impact

Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use [unsafe](https://copier.readthedocs.io/en/stable/configuring/#unsafe) features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with [`_preserve_symlinks: false`](https://copier.readthedocs.io/en/stable/configuring/#preserve_symlinks) (which is Copier's default setting).

Imagine, e.g., a malicious template author who creates a template that reads SSH keys or other secrets from well-known locations and hopes for a user to push the generated project to a public location like [github.com](https://github.com/) where the template author can extract the secrets.

Reproducible example:

- Illegally include a file in the generated project via symlink resolution:

  ```shell
  echo "s3cr3t" > secret.txt
  mkdir src/
  pushd src/
  ln -s ../secret.txt stolen-secret.txt
  popd
  uvx copier copy src/ dst/
  cat dst/stolen-secret.txt
  # s3cr3t
  ```

- Illegally include a directory in the generated project via symlink resolution:

  ```shell
  mkdir secrets/
  pushd secrets/
  echo "s3cr3t" > secret.txt
  popd
  mkdir src/
  pushd src/
  ln -s ../secrets stolen-secrets
  popd
  uvx copier copy src/ dst/
  tree dst/
  # dst/
  # └── stolen-secrets
  #     └── secret.txt
  #
  # 1 directory, 1 file
  cat dst/stolen-secrets/secret.txt
  # s3cr3t
  ```

### Patches

n/a

### Workarounds

n/a

### References

n/a
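A pre-flight check a template consumer can run on a template clone before generating a project, added here as an example and not part of Copier or the advisory: it walks the template tree without following links and lists every symlink whose resolved target lies outside the template root, which is exactly what Copier follows and copies when `_preserve_symlinks` is false. The `demo()` function rebuilds the two layouts from the reproduction steps above in a temporary directory (constructed sample data) and scans them.

```python
"""Flag symlinks in a Copier template that resolve outside the template root."""
import os
import tempfile
from pathlib import Path


def escaping_symlinks(template_root):
    """Return template-relative paths of symlinks that resolve outside the root.

    Links that stay inside the template (e.g. an alias to a sibling file) are
    allowed; links to files or directories elsewhere on disk are reported.
    """
    root = Path(template_root).resolve()
    found = []
    # followlinks=False: do not descend into symlinked directories, only report them
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            target = entry.resolve()  # non-strict: dangling links still get a path
            # commonpath equals root only when target is root or lives beneath it
            if os.path.commonpath([str(root), str(target)]) != str(root):
                found.append(str(entry.relative_to(root)))
    return sorted(found)


def demo():
    """Recreate the advisory's layout (constructed sample) and scan the template."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "secret.txt").write_text("s3cr3t\n")
        (base / "secrets").mkdir()
        (base / "secrets" / "secret.txt").write_text("s3cr3t\n")
        src = base / "src"
        src.mkdir()
        (src / "README.md").write_text("# template\n")
        (src / "stolen-secret.txt").symlink_to("../secret.txt")   # file escape
        (src / "stolen-secrets").symlink_to("../secrets")         # directory escape
        (src / "alias.md").symlink_to("README.md")                # in-tree, fine
        return escaping_symlinks(src)


if __name__ == "__main__":
    for rel in demo():
        print(f"symlink escapes template root: {rel}")
```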
How to fix CVE-2026-23968
To remediate CVE-2026-23968, upgrade the affected package to a fixed version below.
- Upgrade to 9.11.2 or later.
Is CVE-2026-23968 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.