HIGH
copier-org
CVE published 2026-07-08
CVE-2026-53951
CVE-2026-53951 is a high-severity vulnerability in Copier library and CLI app versions 9.5.0 through 9.15.1. The vulnerability arises from the `trust` setting's prefix match in `copier/_settings.py`, which compares template URLs against trusted prefixes using a raw `str.startswith` without path normalization. This allows a template reference to be granted trust if it textually starts with a trusted prefix [truncated]