CVE-2026-23968: CWE-61: UNIX Symbolic Link (Symlink) Following in copier-org copier
CVE-2026-23968 is a medium severity vulnerability in Copier, a library and CLI tool for rendering project templates. Versions prior to 9.11.2 allow a template that is considered safe (one that needs no explicit trust flag) to include arbitrary files or directories from outside the intended template location, by exploiting symbolic link (symlink) following combined with the default setting `_preserve_symlinks: false`. This can lead to unintended file disclosure or manipulation during template generation. The vulnerability requires no privileges or authentication, but it does require user interaction: the victim has to render the template. The issue is patched in version 9.11.2. European organizations using Copier versions before 9.
AI Analysis
Technical Summary
CVE-2026-23968 is a symbolic link (symlink) following vulnerability (CWE-61) in Copier, a library and CLI application for rendering project templates. Copier's security model before 9.11.2 assumes that a template which does not require an explicit trust flag (one without unsafe features such as custom Jinja extensions) cannot reach outside its own local clone directory. A symlink in such a template breaks that assumption. With the default `_preserve_symlinks: false`, Copier follows each link and copies the linked content into the generated project instead of recreating the link, so a link whose target lies outside the template (a relative `../../` path, or an absolute path to a file on the machine doing the rendering) pulls that file's contents into the output. The person rendering the template then ends up with, and may commit or publish, a project containing data that was never part of the template; this primarily affects confidentiality, with some potential for integrity impact where files are overwritten during generation. The CVSS 4.0 base score is 6.8 (medium): local attack vector, low attack complexity, no privileges required, user interaction required (the render itself), and high confidentiality impact. Copier 9.11.2 changes symlink handling so that this behavior no longer occurs. No public exploit is known, but the risk is highest in automated or CI/CD environments, where templates are rendered without anyone inspecting their contents first.
Potential Impact
For European organizations, this vulnerability can lead to unauthorized disclosure, and in some cases modification, of sensitive files during automated project template rendering, potentially exposing confidential information (credentials, SSH keys, configuration with secrets) or corrupting critical configuration files. Organizations using Copier in software development, DevOps pipelines, or automation tools are at risk, especially when templates are sourced from external or untrusted repositories. The impact is heightened where templates are rendered with minimal oversight or where symlink preservation is not explicitly managed. The outcome can be data leaks, supply chain compromise, or disruption of development workflows. Confidentiality is primarily impacted, with some risk to integrity; availability impact is minimal. Note that the "user interaction" in the CVSS vector is simply the act of rendering the template. In an unattended pipeline that step happens without a human looking at the template, so the interaction requirement offers no real protection there, and such environments are particularly exposed if they process untrusted templates.
Mitigation Recommendations
European organizations should immediately upgrade Copier to version 9.11.2 or later to benefit from the patched symlink handling. For templates you author, explicitly set `_preserve_symlinks: true` in the template's `copier.yml`, so that Copier recreates links in the generated project instead of copying their targets. Be aware that this is a template-side setting controlled by the template author: a third-party template can simply leave it at the default, so it is not a consumer-side mitigation for untrusted templates. For those, validate and audit the template clone before rendering (in particular, list every symlink and check whether its target resolves outside the template directory), and render only from trusted sources. Incorporate template rendering into secure CI/CD pipelines with strict access controls and sandboxing, so that even a followed link can only reach files the rendering process legitimately needs. Monitor for unusual file access or modifications during template generation. Educate developers and DevOps teams about the risks of symlink following and safe template usage. Consider file system permissions and containerization to isolate template rendering processes. Regularly review Copier usage and dependencies to detect outdated versions.
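The following audit script is an added example written for this page; it is not Copier's own code and does not use Copier's API. It covers the two points above: the mechanism (a symlink in a "safe" template whose resolved target lies outside the template clone) and the pre-render check recommended under mitigations. It walks a template directory without following links, reports every symlink that escapes the template root, and reads the template's `_preserve_symlinks` key to decide whether Copier would copy the targets' contents. The demo template it builds (`build_demo_template`, with a relative `../outside/secret.txt` link and an absolute `/etc/hostname` link) is constructed for illustration; all function names are assumptions made here, and the config reader is a deliberate regex rather than a YAML parser so the script needs only the standard library.

```python
"""Pre-render audit for a Copier template clone (example code, not Copier's own).

Finds symlinks whose resolved target lies outside the template directory and
reads the template's `_preserve_symlinks` setting from copier.yml.
"""
import os
import re
import tempfile
from pathlib import Path

# Matches a bare top-level `_preserve_symlinks:` key; intentionally not a full
# YAML parser so the audit has no third-party dependency.
_PRESERVE_RE = re.compile(
    r"^_preserve_symlinks:\s*(true|false)\s*$", re.IGNORECASE | re.MULTILINE
)


def find_escaping_symlinks(template_root):
    """Return a sorted list of (path relative to the template, raw link target)
    for every symlink under template_root whose resolved target is outside it.

    With Copier's default ``_preserve_symlinks: false`` such a link is followed
    at render time and the target's content lands in the generated project,
    which is the condition CVE-2026-23968 describes.
    """
    root = Path(template_root).resolve()
    escaping = []
    # followlinks=False: os.walk lists symlinked directories but never descends
    # into them, so a link to "/" cannot drag the walk itself out of the tree.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            # Non-strict resolve(): a dangling link still yields a target path
            # we can classify instead of raising.
            target = path.resolve()
            if target != root and root not in target.parents:
                escaping.append((str(path.relative_to(root)), os.readlink(path)))
    return sorted(escaping)


def read_preserve_symlinks(template_root):
    """Return True/False for `_preserve_symlinks` in copier.yml or copier.yaml,
    or None when the key is absent (Copier's default, false, then applies)."""
    for name in ("copier.yml", "copier.yaml"):
        cfg = Path(template_root) / name
        if cfg.is_file():
            match = _PRESERVE_RE.search(cfg.read_text())
            return match.group(1).lower() == "true" if match else None
    return None


def audit(template_root):
    """Run both checks. A template is flagged as risky when it contains
    escaping links and does not set `_preserve_symlinks: true`, because Copier
    would then copy the link targets' contents into the rendered project."""
    escaping = find_escaping_symlinks(template_root)
    preserve = read_preserve_symlinks(template_root)
    return {
        "escaping": escaping,
        "preserve_symlinks": preserve,
        "risky": bool(escaping) and preserve is not True,
    }


def build_demo_template():
    """Construct a throwaway template for the demonstration (not a real project).

    <tmp>/outside/secret.txt                     file the template must not read
    <tmp>/template/copier.yml                    leaves _preserve_symlinks false
    <tmp>/template/README.md.jinja               ordinary template file
    <tmp>/template/notes.md -> README.md.jinja   harmless link, stays inside
    <tmp>/template/secrets.txt -> ../outside/secret.txt   relative escape
    <tmp>/template/hosts -> /etc/hostname                  absolute escape
    """
    base = Path(tempfile.mkdtemp(prefix="copier-audit-"))
    (base / "outside").mkdir()
    (base / "outside" / "secret.txt").write_text("hunter2\n")
    tpl = base / "template"
    tpl.mkdir()
    # A hardened template would set `_preserve_symlinks: true` here.
    (tpl / "copier.yml").write_text("_preserve_symlinks: false\n")
    (tpl / "README.md.jinja").write_text("# {{ project_name }}\n")
    os.symlink("README.md.jinja", tpl / "notes.md")
    os.symlink("../outside/secret.txt", tpl / "secrets.txt")
    os.symlink("/etc/hostname", tpl / "hosts")
    return str(tpl)


if __name__ == "__main__":
    result = audit(build_demo_template())
    for rel, raw in result["escaping"]:
        print(f"escaping symlink: {rel} -> {raw}")
    print("flagged" if result["risky"] else "clean")
```

Run `audit()` against a freshly cloned template before the first `copier copy`; the internal `notes.md` link is not reported, while `secrets.txt` and `hosts` are, and because the template leaves `_preserve_symlinks` at its default the result is flagged. Clearing the flag requires either removing the escaping links or, for a template you control, setting `_preserve_symlinks: true`; neither check replaces the upgrade to 9.11.2.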
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-19T14:49:06.314Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 697154cc4623b1157cf0b381
Added to database: 1/21/2026, 10:35:56 PM
Last enriched: 1/29/2026, 8:48:29 AM
Last updated: 2/6/2026, 4:05:22 AM
Views: 50