CVE-2026-53951 in copier
Summary
by MITRE • 07/08/2026
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's prefix match (`copier/_settings.py`) compares the template URL against a trusted prefix with a raw `str.startswith` and no path normalization, while the URL is normalized when the template is actually fetched (`Path.resolve()` for local paths; libcurl dot-segment removal for `https`). A template reference that textually starts with a trusted prefix but contains `..` is therefore granted trust yet resolves to a different, attacker-controlled template, whose `tasks` / `migrations` / `jinja_extensions` then run without the `--trust` prompt — arbitrary command execution. Version 9.15.2 patches the issue.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/08/2026
The vulnerability described represents a critical path traversal and privilege escalation flaw in the Copier library that affects versions 9.5.0 through 9.15.1. This security issue stems from an inconsistent handling of URL validation and path resolution that creates a dangerous mismatch between trust verification and actual template execution. The core problem manifests in the `trust` setting's prefix matching implementation within `copier/_settings.py` where the system performs a naive string-based prefix comparison using `str.startswith` without proper path normalization. This approach fails to account for directory traversal sequences that could manipulate the effective path resolution while maintaining the appearance of trust.
The technical flaw creates a fundamental inconsistency between how paths are validated versus how they are resolved during template fetching operations. When a template reference begins textually with a trusted prefix, the system grants trust status regardless of whether the path contains potentially malicious components such as `..` sequences. However, during actual template retrieval, local paths undergo normalization through `Path.resolve()` which resolves symbolic links and canonicalizes paths, while remote HTTPS URLs are processed by libcurl that removes dot-segments from the URL structure. This discrepancy means that a template reference like `/trusted/path/../attacker/control` might pass the trust check but resolve to an entirely different location determined by the normalization process.
This vulnerability directly enables arbitrary code execution through the template's tasks, migrations, and Jinja extensions components. When a maliciously crafted template path passes the initial trust validation but resolves to a different attacker-controlled template, the system executes the target template's configured tasks and migrations without requiring user confirmation prompts typically associated with potentially dangerous operations. The impact extends beyond simple code execution as it allows for complete compromise of the system where the Copier tool is executed, since these components can include arbitrary shell commands, file manipulations, and other privileged operations that bypass normal security boundaries.
The vulnerability aligns with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-73 (Restriction of Paths) while also demonstrating characteristics of privilege escalation through path manipulation. From an ATT&CK perspective, this issue maps to T1059 (Command and Scripting Interpreter) and T1566 (Phishing) as it enables execution of arbitrary commands through template manipulation and potentially facilitates social engineering attacks where attackers craft seemingly legitimate template references that actually deliver malicious payloads. The attack vector is particularly insidious because it leverages the trust model itself to bypass security checks, making detection difficult and exploitation straightforward for attackers familiar with path traversal techniques.
Mitigation strategies should focus on implementing consistent path normalization throughout the validation and resolution process while ensuring that trust decisions are based on canonicalized paths rather than raw string representations. The fix implemented in version 9.15.2 addresses this by synchronizing the prefix matching logic with proper path normalization, ensuring that template references are validated against their actual resolved paths rather than their textual representations. Organizations should also implement additional safeguards such as strict template source whitelisting, regular security audits of template dependencies, and monitoring for unusual template execution patterns. The vulnerability underscores the importance of consistent security practices across all stages of path handling and validation in software systems that process user-supplied inputs.