CVE-2026-35525 Overview
CVE-2026-35525 is a Symlink Attack vulnerability affecting LiquidJS, a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Prior to version 10.25.3, LiquidJS fails to properly validate file paths when processing {% include %}, {% render %}, and {% layout %} directives. The template engine performs path-based containment checks rather than resolving symbolic links to their actual targets, allowing attackers to read arbitrary files outside the allowed template roots through carefully crafted symlinks.
Critical Impact
Attackers can bypass directory containment restrictions to read sensitive files outside the configured partials or layouts roots, potentially exposing configuration files, credentials, or other sensitive data in multi-tenant or user-controlled template environments.
Affected Products
- LiquidJS versions prior to 10.25.3
- Applications using LiquidJS with user-controllable template directories
- Systems accepting uploaded themes, extracted archives, or repository-controlled template trees
Discovery Timeline
- 2026-04-08 - CVE-2026-35525 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-35525
Vulnerability Analysis
This vulnerability stems from a fundamental flaw in how LiquidJS validates template inclusion paths. When a template uses directives like {% include %}, {% render %}, or {% layout %}, LiquidJS checks whether the requested path falls within the configured partials or layouts root directories. However, this validation operates on the path string itself rather than the actual filesystem target after symlink resolution.
For example, if an attacker can create a file at partials/link.liquid that is actually a symbolic link pointing to /etc/passwd or another sensitive file outside the allowed root, LiquidJS will pass the path validation because partials/link.liquid appears to be within the allowed directory. When the file is subsequently opened for reading, the operating system's filesystem layer follows the symlink and reads the external target file, which LiquidJS then renders as template content.
This behavior creates a significant security gap in environments where attackers have any ability to influence the contents of template directories—a common scenario in platforms that accept uploaded themes, process extracted archives (such as ZIP files containing templates), mount external content volumes, or allow repository-controlled template trees.
Root Cause
The root cause is classified as CWE-61 (UNIX Symbolic Link Following). LiquidJS applies directory containment validation to the pathname string before reading, but does not call realpath() or an equivalent function to resolve symlinks and verify that the final target file resides within the allowed boundaries. This creates a Time-of-Check Time-of-Use (TOCTOU) gap where the path that passes validation differs from the file that is actually read.
Attack Vector
The attack requires network access to the vulnerable application and involves the following exploitation scenario:
An attacker who can influence files within a trusted template root (through theme uploads, archive extraction, mounted content, or repository access) creates a symbolic link that appears to be a legitimate template file. The symlink's name and location pass the directory containment check, but it points to a sensitive file outside the allowed root. When the application processes a request that triggers the template inclusion, LiquidJS reads and renders the external file's contents, potentially exposing sensitive information to the attacker.
The vulnerability is particularly dangerous in multi-tenant environments where users can upload custom themes or templates, as a malicious user could create symlinks to access files belonging to other tenants or the hosting system itself.
Detection Methods for CVE-2026-35525
Indicators of Compromise
- Presence of symbolic links within template directories (partials, layouts) pointing to files outside allowed roots
- Unexpected file access patterns in server logs showing reads of sensitive system files
- Template rendering errors or unusual content that appears to contain configuration data or credentials
- Symlinks in uploaded theme packages or extracted archives targeting paths like /etc/passwd, environment files, or application secrets
Detection Strategies
- Implement file integrity monitoring on template directories to detect creation of symbolic links
- Audit uploaded themes and archives for symlinks before extraction or deployment
- Monitor template engine logs for file read operations that resolve to unexpected paths
- Deploy application-layer security tools that can detect path traversal attempts via symlink resolution
Monitoring Recommendations
- Enable verbose logging for LiquidJS template resolution to capture included file paths
- Configure filesystem monitoring to alert on symlink creation in template directories
- Implement security scanning in CI/CD pipelines for repository-controlled templates
- Review web application firewall logs for patterns consistent with information disclosure attempts
How to Mitigate CVE-2026-35525
Immediate Actions Required
- Upgrade LiquidJS to version 10.25.3 or later immediately
- Audit existing template directories for unauthorized symbolic links
- Review recently uploaded themes or templates for malicious symlinks
- Consider temporarily disabling user-uploaded templates until the patch is applied
Patch Information
The vulnerability has been fixed in LiquidJS version 10.25.3. The patch implements proper symlink resolution to ensure that the actual target file, not just the requested path, is validated against the allowed directory boundaries. Organizations should update their LiquidJS dependency to 10.25.3 or later as soon as possible.
For detailed technical information about the fix, refer to:
Workarounds
- Remove write permissions from template directories to prevent symlink creation by untrusted processes
- Implement pre-deployment validation scripts that reject symbolic links in template packages
- Configure chroot or container isolation to limit the filesystem visibility from the template engine process
- Use filesystem mount options like nosymfollow where available to prevent symlink traversal
# Configuration example
# Scan template directories for symbolic links before deployment
find /app/templates/partials /app/templates/layouts -type l -ls
# Report symlinks whose resolved target lies outside the template root
# (readlink -f follows the whole chain; the trailing slash in the pattern keeps /app/templates-other from matching)
find /app/templates -type l -exec sh -c '
  t=$(readlink -f -- "$1"); case "$t" in /app/templates/*) ;; *) printf "ESCAPES: %s -> %s\n" "$1" "$t";; esac' _ {} \;
# After review, delete the escaping links (same test, rm in place of printf)
find /app/templates -type l -exec sh -c '
  t=$(readlink -f -- "$1"); case "$t" in /app/templates/*) ;; *) rm -- "$1";; esac' _ {} \;
# Update LiquidJS to the patched version and confirm what is installed
npm install liquidjs@10.25.3
npm ls liquidjs
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.