Vulnerability in Copier-org Copier

CVE-2026-23968

Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions whi…

EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.

Affected products

Copier-org Copier — versions < 9.11.2

Weakness classification (CWE)

CWE-61 — UNIX Symbolic Link (Symlink) Following

References

https://github.com/copier-org/copier/security/advisories/GHSA-xjhm-gp88-8pfx (x_refsource_CONFIRM)
https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6 (x_refsource_MISC)