CVE-2026-23986 Overview
CVE-2026-23986 is a symlink attack vulnerability in Copier, a popular library and CLI application for rendering project templates. Prior to version 9.11.2, the application's handling of symbolic links allows malicious template authors to write files to arbitrary directories outside the intended destination path. This occurs when combining directory symlinks with the _preserve_symlinks: true configuration option, enabling attackers to craft templates that can overwrite arbitrary files based on the user's write permissions.
Critical Impact
Malicious template authors can create templates that overwrite arbitrary files on the victim's system, potentially leading to data destruction, configuration tampering, or code execution through file replacement.
Affected Products
- Copier versions prior to 9.11.2
- Any system using Copier with _preserve_symlinks: true configuration
- Development environments where untrusted templates are processed
Discovery Timeline
- 2026-01-21 - CVE CVE-2026-23986 published to NVD
- 2026-01-21 - Last updated in NVD database
Technical Details for CVE-2026-23986
Vulnerability Analysis
The vulnerability exists in how Copier handles symbolic links during template rendering. Copier promotes itself as safe to use with templates that don't employ unsafe features (like custom Jinja extensions requiring the --UNSAFE,--trust flag). However, this safety assumption is flawed when symlinks are involved.
The core issue stems from CWE-61 (UNIX Symbolic Link Following), where the application fails to properly validate the final resolved path when symlinks are present. When a template includes _preserve_symlinks: true, Copier preserves symbolic links in the generated output. An attacker can exploit this by including a directory symlink pointing outside the destination path, combined with template files that render inside that symlinked directory.
Root Cause
The root cause is insufficient path validation when symbolic links are preserved during template rendering. Copier does not verify that the final resolved path of generated files remains within the designated destination directory when symlinks are in the chain. This allows symlink traversal to escape the intended output boundary.
Attack Vector
The attack requires local access and user interaction, as the victim must execute Copier with a malicious template. The attacker crafts a template containing:
- A directory that is actually a symbolic link pointing to a sensitive location (e.g., ~/.config/)
- The _preserve_symlinks: true directive to ensure symlinks are preserved
- Template files structured to render inside the symlinked directory
When a victim generates a project from this template, files are written through the symlink to the attacker-controlled destination, bypassing the expected output path constraints.
The vulnerability does not require the --UNSAFE or --trust flags, making it particularly dangerous as users may believe they are operating in a safe mode. The attack can overwrite configuration files, scripts in PATH directories, or any location writable by the current user.
Detection Methods for CVE-2026-23986
Indicators of Compromise
- Unexpected symbolic links in project templates pointing outside the project directory
- Modified files in sensitive system or user configuration directories after template generation
- Templates containing _preserve_symlinks: true combined with directory symlinks
- Unexplained file modifications timestamped around Copier template execution times
Detection Strategies
- Monitor filesystem operations during Copier execution for writes outside the designated destination path
- Implement file integrity monitoring on critical configuration directories
- Audit templates before use by inspecting for symlinks and _preserve_symlinks directives
- Review template sources for untrusted or recently modified symbolic link structures
Monitoring Recommendations
- Enable audit logging for file creation and modification events in sensitive directories
- Track Copier process execution and correlate with filesystem changes outside expected output paths
- Implement alerting for symbolic link creation in template directories
- Monitor for unusual patterns of file overwrites in user home directories during development activities
How to Mitigate CVE-2026-23986
Immediate Actions Required
- Upgrade Copier to version 9.11.2 or later immediately
- Audit existing templates for suspicious symbolic links before generating projects
- Avoid using _preserve_symlinks: true with untrusted templates until patched
- Review recently generated projects for unexpected files or symlinks outside destination paths
Patch Information
The vulnerability has been patched in Copier version 9.11.2. The fix is available in GitHub Commit b3a7b37 and can be obtained through the v9.11.2 release. For additional details, refer to the GitHub Security Advisory GHSA-4fqp-r85r-hxqh.
Workarounds
- Disable _preserve_symlinks in template configurations when processing untrusted templates
- Manually inspect all templates for symbolic links before execution
- Run Copier in a sandboxed environment with restricted filesystem access
- Use file permission restrictions to limit writable directories during template generation
# Upgrade Copier to patched version
pip install --upgrade copier>=9.11.2
# Verify installed version
copier --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
