CPL Library Vulnerability in Copier by Copier Org
CVE-2026-34730

5.5MEDIUM

Key Information:

Vendor

Copier-org

Status
Vendor
CVE Published:
2 April 2026

What is CVE-2026-34730?

The Copier library, an application for rendering project templates, has a vulnerability in its _external_data feature that allows untrusted templates to access YAML files through user-controlled paths. This can lead to sensitive information exposure, as malicious templates can read and render the contents of any accessible local YAML files for the user running Copier. This issue was resolved in version 9.14.1, emphasizing the importance of keeping software up to date to mitigate such risks.

Affected Version(s)

copier < 9.14.1

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.