Directory Traversal Vulnerability in Copier Library by Copier Org
CVE-2026-34726
4.4MEDIUM
What is CVE-2026-34726?
The Copier library, a tool for rendering project templates, has a directory traversal flaw in its _subdirectory setting before version 9.14.1. This vulnerability allows attackers to manipulate the template root by using parent directory traversal sequences, such as '..', to escape the designated template directory. Consequently, this can expose sensitive files from the parent directory during rendering operations, even without using the --UNSAFE flag. Users are strongly encouraged to update to version 9.14.1 or later, where this issue has been resolved.
Affected Version(s)
copier < 9.14.1
