{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/python-liquid--2.2.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["python-liquid (\u003c 2.2.0)"],"_cs_severities":["high"],"_cs_tags":["path-traversal","template-injection","CVE-2026-45017"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eThe python-liquid library, a template engine, is vulnerable to a path traversal issue affecting the \u003ccode\u003eFileSystemLoader\u003c/code\u003e and \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e classes. Versions prior to 2.2.0 fail to properly sanitize template paths, allowing an attacker to specify absolute paths via the \u003ccode\u003e{% include %}\u003c/code\u003e and \u003ccode\u003e{% render %}\u003c/code\u003e tags. This vulnerability, identified as CVE-2026-45017, allows a malicious template author to potentially read any file on the system that contains valid Liquid markup and is readable by the application process. The fix, implemented in version 2.2.0, adds a check for absolute paths in the \u003ccode\u003eresolve_path()\u003c/code\u003e method within \u003ccode\u003eliquid/builtin/loaders/file_system_loader.py\u003c/code\u003e. This prevents the loader from processing templates located outside the intended search paths.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains the ability to author or modify Liquid templates used by an application using python-liquid.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious template containing an \u003ccode\u003e{% include %}\u003c/code\u003e or \u003ccode\u003e{% render %}\u003c/code\u003e tag.\u003c/li\u003e\n\u003cli\u003eThe tag\u0026rsquo;s argument specifies an absolute path to a file outside the intended template directory, such as \u003ccode\u003e/etc/passwd\u003c/code\u003e or \u003ccode\u003eC:\\\\boot.ini\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application processes the malicious template using the \u003ccode\u003eFileSystemLoader\u003c/code\u003e or \u003ccode\u003eCachingFileSystemLoader\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe vulnerable loader resolves the attacker-supplied absolute path without proper validation.\u003c/li\u003e\n\u003cli\u003eThe loader reads the contents of the arbitrary file specified by the absolute path.\u003c/li\u003e\n\u003cli\u003eThe application renders the template, potentially exposing the contents of the arbitrary file to an unauthorized user or system.\u003c/li\u003e\n\u003cli\u003eIf the targeted file contains valid Liquid markup, it is rendered as part of the template. Otherwise, the raw contents are displayed.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45017 allows an attacker to bypass intended security restrictions and read arbitrary files on the system. The severity of the impact depends on the contents of the files accessed. Sensitive information, such as configuration files, credentials, or internal application code, could be exposed. The number of victims is dependent on the number of applications utilizing python-liquid with user-supplied template content.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to python-liquid version 2.2.0 or later to remediate CVE-2026-45017, which patches the vulnerability in the \u003ccode\u003eFileSystemLoader\u003c/code\u003e class.\u003c/li\u003e\n\u003cli\u003eAs an interim workaround if patching is not immediately feasible, implement a custom template loader as described in the advisory, which overrides the \u003ccode\u003eresolve_path()\u003c/code\u003e method to prevent absolute paths.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-45017 Attempt — python-liquid FileSystemLoader Absolute Path\u0026rdquo; to identify attempts to exploit this vulnerability in web server logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-11T14:58:42Z","date_published":"2026-05-11T14:58:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-python-liquid-path-escape/","summary":"The FileSystemLoader in python-liquid versions before 2.2.0 allows malicious template authors to read arbitrary files outside the search paths via the `{% include %}` and `{% render %}` tags by using absolute paths; this is resolved in version 2.2.0 by checking for absolute paths in the `resolve_path()` method.","title":"python-liquid FileSystemLoader Absolute Path Escape Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-python-liquid-path-escape/"}],"language":"en","title":"CraftedSignal Threat Feed — Python-Liquid (\u003c 2.2.0)","version":"https://jsonfeed.org/version/1.1"}