All 6 CVE vulnerabilities found in copier, with AI-generated Chinese analysis, references, and POCs.
Vendor: copier-org
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34730 | Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode CWE-22 | 5.5 | Medium | 2026-04-02 |
| CVE-2026-34726 | Copier `_subdirectory` allows template root escape via parent-directory traversal CWE-22 | 4.4 | Medium | 2026-04-02 |
| CVE-2026-23986 | Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true CWE-61 | 7.5AI | HighAI | 2026-01-21 |
| CVE-2026-23968 | Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false CWE-61 | 8.2AI | HighAI | 2026-01-21 |
| CVE-2025-55214 | Copier safe template has filesystem write access outside destination path CWE-22 | 7.5AI | HighAI | 2025-08-18 |
| CVE-2025-55201 | Copier safe template has arbitrary filesystem read/write access CWE-22 | 9.8AI | CriticalAI | 2025-08-18 |
All 6 known CVE vulnerabilities affecting copier with full Chinese analysis, references, and POCs where available.