Home / Vulnerability Intelligence / CVE-2026-34726

CVE-2026-34726 - Vulnerability Analysis

MediumCVSS: 4.4

Last Updated: April 3, 2026

Copier - Path Traversal

Published: April 2, 2026Updated: April 3, 2026PoC Available

Overview

Copier < 9.14.1 contains a path traversal vulnerability caused by improper validation of the _subdirectory setting, letting attackers escape template directories and render files from parent directories without --UNSAFE.

Severity & Score

Severity: Medium

CVSS Score: 4.4

Impact

Attackers can render files outside the intended template directory, potentially exposing sensitive files or data.

Mitigation

Upgrade to version 9.14.1 or later.

References

https://github.com/copier-org/copier/commit/cb80a3ffc9c3787de3ed837e04ca29a0ff8ca3df
https://github.com/copier-org/copier/releases/tag/v9.14.1
https://github.com/copier-org/copier/security/advisories/GHSA-85v3-4m8g-hrh6

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34726
Severity: Medium
CVSS Score: 4.4
Type: path_traversal
Status: confirmed

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N