CVE-2026-23968

Name of the Vulnerable Software and Affected Versions Copier versions prior to 9.11.2

Description Copier, a library and CLI app for rendering project templates, exhibited a flaw where it incorrectly identified templates as safe, even if they contained arbitrary files and directories outside the local template clone location. This was possible through the use of symlinks combined with the default setting of preserve symlinks: false. The application suggested that projects generated from safe templates did not require the --UNSAFE,--trust flag, but this was not accurate.

Recommendations Update to version 9.11.2 or later.