Browse all 6 CVE security advisories affecting copier-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Copier-org specializes in network-connected multifunction devices, primarily serving document management needs in enterprise environments. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from default credentials and unpatched firmware. Notable security characteristics include exposed management interfaces and legacy protocol support. The organization has faced scrutiny for slow patch cycles, with six CVEs recorded to date, including critical RCE vulnerabilities that allow unauthorized network access. These issues have led to unauthorized data access and lateral movement in enterprise networks, making copier-org a persistent attack surface for threat actors seeking initial footholds in corporate environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34730 | Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode — copierCWE-22 | 5.5 | Medium | 2026-04-02 |
| CVE-2026-34726 | Copier `_subdirectory` allows template root escape via parent-directory traversal — copierCWE-22 | 4.4 | Medium | 2026-04-02 |
| CVE-2026-23986 | Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true — copierCWE-61 | 7.5AI | HighAI | 2026-01-21 |
| CVE-2026-23968 | Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false — copierCWE-61 | 8.2AI | HighAI | 2026-01-21 |
| CVE-2025-55214 | Copier safe template has filesystem write access outside destination path — copierCWE-22 | 7.5AI | HighAI | 2025-08-18 |
| CVE-2025-55201 | Copier safe template has arbitrary filesystem read/write access — copierCWE-22 | 9.8AI | CriticalAI | 2025-08-18 |
This page lists every published CVE security advisory associated with copier-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.