Copy-Paste-Pwn: Escaping the Sandbox in Copier via Symlink Teleportation
Jan 22, 2026
Executive Summary (TL;DR)
If you use Copier to generate projects from templates, a malicious template author can overwrite your files (like SSH keys or config files) even without the `--UNSAFE` flag. The vulnerability exploits the order in which Copier processes files: if it creates a symlink to `/etc` first, and then writes a file 'inside' that symlink, the write escapes the sandbox.
A logic flaw in Copier's symlink handling allows 'safe' templates to escape the destination directory and overwrite arbitrary files on the host system. By abusing the `_preserve_symlinks` feature and the non-deterministic nature of directory iteration, attackers can trick the renderer into writing through a symlink before checking where it points.
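The containment check that this ordering defeats can be shown in a few lines. The following is an added example, not Copier's code or its patch; the function names and the temporary directory layout are constructed for illustration. It compares a purely lexical "is this path under the destination?" test with one that resolves symlinks already on disk before writing.

```python
import os
import tempfile
from pathlib import Path


def lexically_inside(root: Path, relpath: str) -> bool:
    """Weak check: normalises '..' but never looks at the filesystem."""
    target = Path(os.path.normpath(root / relpath))
    return target.is_relative_to(root)


def resolves_inside(root: Path, relpath: str) -> bool:
    """Strong check: follow symlinks already on disk, then compare."""
    real_root = root.resolve()
    # strict=False (the default): the leaf file may not exist yet
    real_target = (root / relpath).resolve()
    return real_target.is_relative_to(real_root)


def safe_write(root: Path, relpath: str, data: str) -> bool:
    """Write only if the resolved target stays under root; return success."""
    if not resolves_inside(root, relpath):
        return False
    target = root / relpath
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(data)
    return True


def demo() -> dict:
    """Constructed layout: dest/link -> ../outside, then a write to link/out.txt."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        dest, outside = base / "dest", base / "outside"
        dest.mkdir()
        outside.mkdir()
        (dest / "link").symlink_to(outside, target_is_directory=True)
        return {
            "lexical_ok": lexically_inside(dest, "link/out.txt"),
            "resolved_ok": resolves_inside(dest, "link/out.txt"),
            "write_done": safe_write(dest, "link/out.txt", "x"),
            "escaped": (outside / "out.txt").exists(),
            "normal_write": safe_write(dest, "src/app.py", "ok"),
        }


if __name__ == "__main__":
    print(demo())
```

The resolved check has to run at write time for every file, because a symlink rendered earlier in the same run changes where later paths resolve.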
Technical Appendix
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
| copier copier-org | < 9.11.2 | 9.11.2 |

| Attribute | Detail |
|---|---|
| CWE ID | CWE-61 (Symlink Following) |
| CVSS 4.0 | 6.9 (Medium) |
| Attack Vector | Local (via Template) |
| Privileges Required | None |
| User Interaction | Required (User must run copier) |
| Impact | High Integrity / High Availability |
MITRE ATT&CK Mapping
The product uses a search path or similar mechanism to resolve a reference to a resource, but it does not properly prevent the path from resolving to a resource that is outside of the intended control sphere via symbolic links.