Home / Vulnerability Intelligence / CVE-2026-34730

CVE-2026-34730 - Vulnerability Analysis

MediumCVSS: 5.5

Last Updated: April 3, 2026

Copier - Information Disclosure

Published: April 2, 2026Updated: April 3, 2026PoC Available

Overview

Copier < 9.14.1 contains an information disclosure vulnerability caused by template-controlled YAML file loading in _external_data feature, letting attackers read local files accessible to the user running Copier, exploit requires untrusted templates.

Severity & Score

Severity: Medium

CVSS Score: 5.5

Impact

Attackers can read local files accessible to the user running Copier, exposing sensitive information.

Mitigation

Update to version 9.14.1 or later.

References

https://github.com/copier-org/copier/commit/5413062eb17b73dc885f5e645cdc161e69ef641b
https://github.com/copier-org/copier/releases/tag/v9.14.1
https://github.com/copier-org/copier/security/advisories/GHSA-hgjq-p8cr-gg4h

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34730
Severity: Medium
CVSS Score: 5.5
Type: template_injection
Status: confirmed

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N