Threats Tagged 'cve-2026-53951'
View all threats tagged with 'cve-2026-53951'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-53951'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-53951: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in copier-org copierCVE-2026-53951 0 Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's prefix match (`copier/_settings.py`) compares the template URL against a trusted prefix with a raw `str.startswith` and no path normalization, while the URL is normalized when the template is actually fetched (`Path.resolve()` for local paths; libcurl dot-segment removal for `https`). A template reference that textually starts with a trusted prefix but contains `..` is therefore granted trust yet resolves to a different, attacker-controlled template, whose `tasks` / `migrations` / `jinja_extensions` then run without the `--trust` prompt — arbitrary command execution. Version 9.15.2 patches the issue. Join the discussion | CVE Database V5 | 07/08/2026, 15:26:08 UTC Added: 07/08/2026, 15:58:56 UTC |
Showing 1 to 1 of 1 result