CPL Library Vulnerability in Copier by Copier Org
CVE-2026-34730
5.5MEDIUM
What is CVE-2026-34730?
The Copier library, an application for rendering project templates, has a vulnerability in its _external_data feature that allows untrusted templates to access YAML files through user-controlled paths. This can lead to sensitive information exposure, as malicious templates can read and render the contents of any accessible local YAML files for the user running Copier. This issue was resolved in version 9.14.1, emphasizing the importance of keeping software up to date to mitigate such risks.
Affected Version(s)
copier < 9.14.1
