PatchSiren

copier-org CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH copier-org CVE published 2026-07-08

CVE-2026-53951

CVE-2026-53951 is a high-severity vulnerability in Copier library and CLI app versions 9.5.0 through 9.15.1. The vulnerability arises from the `trust` setting's prefix match in `copier/_settings.py`, which compares template URLs against trusted prefixes using a raw `str.startswith` without path normalization. This allows a template reference to be granted trust if it textually starts with a trusted prefix [truncated]