CVE Reports

Originally published at cvereports.com

CVE-2026-23986: Copy-Paste-Pwn: Escaping the Sandbox in Copier via Symlink Teleportation

Vulnerability ID: CVE-2026-23986
CVSS Score: 6.9
Published: 2026-01-21

A logic flaw in Copier's symlink handling allows 'safe' templates to escape the destination directory and overwrite arbitrary files on the host system. By abusing the '_preserve_symlinks' feature and the non-deterministic nature of directory iteration, attackers can trick the renderer into writing through a symlink before checking where it points.

TL;DR

If you use Copier to generate projects from templates, a malicious template author can overwrite your files (like SSH keys or config files) even without the --UNSAFE flag. The vulnerability exploits the order in which Copier processes files: if it creates a symlink to /etc first, and then writes a file 'inside' that symlink, the write escapes the sandbox.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-61 (Symlink Following)
  • CVSS 4.0: 6.9 (Medium)
  • Attack Vector: Local (via Template)
  • Privileges Required: None
  • User Interaction: Required (User must run copier)
  • Impact: High Integrity / High Availability

Affected Systems

  • Copier CLI < 9.11.2
  • Copier Python Library < 9.11.2
  • copier: < 9.11.2 (Fixed in: 9.11.2)

Code Analysis

Commit: 41cb45c

Fix: prevent arbitrary filesystem write via symlinks

    if not dst_realpath.is_relative_to(dst_root):
        raise ForbiddenPathError(path=dst_relpath)
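
The check quoted above, and the failure described in the TL;DR, shown as an added example that is not Copier's code. ForbiddenPathError is a local stand-in, and lexical_check, safe_destination, demo and the directory names are hypothetical names chosen for illustration.

```python
import os
import tempfile
from pathlib import Path


class ForbiddenPathError(Exception):
    """Local stand-in for the exception named in the fix (not imported from Copier)."""


def lexical_check(dst_relpath: str) -> bool:
    """Weak check: inspects only the path string, never the filesystem."""
    rel = Path(dst_relpath)
    return not rel.is_absolute() and ".." not in rel.parts


def safe_destination(dst_root: Path, dst_relpath: str) -> Path:
    """Resolve symlinks first, then require the result to stay under dst_root."""
    dst_root = dst_root.resolve()
    dst_realpath = (dst_root / dst_relpath).resolve()  # follows existing symlinks
    if not dst_realpath.is_relative_to(dst_root):  # Python 3.9+
        raise ForbiddenPathError(dst_relpath)
    return dst_realpath


def demo() -> dict:
    """Constructed scenario: a symlink already inside the destination points outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        dst_root, outside = base / "project", base / "outside"
        (dst_root / "docs").mkdir(parents=True)
        outside.mkdir()
        # Stands in for a symlink preserved from a template during rendering.
        os.symlink(outside, dst_root / "link", target_is_directory=True)
        results = {}
        for rel in ("docs/readme.md", "link/config"):
            try:
                safe_destination(dst_root, rel)
                verdict = "allowed"
            except ForbiddenPathError:
                verdict = "blocked"
            # (passes string-only check?, verdict of the realpath check)
            results[rel] = (lexical_check(rel), verdict)
        return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(path, outcome)
```

The check has to run immediately before each write, because the symlink may have been created by an earlier step of the same render.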

Commit: b3a7b37

Fix: restrict symlink includes

prevent reading files outside template root via symlinks

Exploit Details

  • GitHub Advisory: PoC demonstrating overwriting external files using _preserve_symlinks

Mitigation Strategies

  • Update Copier to version 9.11.2 or higher.
  • Audit third-party templates for _preserve_symlinks: true.
  • Run template generation in isolated environments (Docker/Podman).
  • Avoid running Copier with elevated privileges (sudo).

Remediation Steps:

  1. Check your current version: copier --version
  2. Upgrade via pip: pip install --upgrade copier
  3. Upgrade via pipx (common for CLI tools): pipx upgrade copier
  4. Verify the upgrade: Ensure version is >= 9.11.2

Read the full report for CVE-2026-23986 on our website for more details including interactive diagrams and full exploit analysis.