Description
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not realpath-based. Because of that, a file like partials/link.liquid passes the directory containment check as long as its pathname is under the allowed root. If link.liquid is actually a symlink to a file outside the allowed root, the filesystem follows the symlink when the file is opened and LiquidJS renders the external target. So the restriction is applied to the path string that was requested, not to the file that is actually read. This matters in environments where an attacker can place templates or otherwise influence files under a trusted template root, including uploaded themes, extracted archives, mounted content, or repository-controlled template trees. This vulnerability is fixed in 10.25.3.
Published: 2026-04-08
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

This vulnerability occurs when LiquidJS loads partial or layout templates through {% include %}, {% render %}, or {% layout %} tags. The engine checks that the requested path is inside the configured root directories using a string comparison, but it does not resolve the actual filesystem path. Therefore a symlink placed under the partials or layouts root that points to a file outside the allowed directory can be loaded and executed. An attacker who can create or modify a symlink in the trusted template tree can thus have LiquidJS render a malicious template or read sensitive files, which may lead to remote code execution or information disclosure. The flaw is a classic path‑traversal/symlink abuse (CWE‑61).

Affected Systems

Products affected are LiquidJS libraries released by harttle. Any installation using a version earlier than 10.25.3 is vulnerable. The issue is documented for all variants of LiquidJS that support include, render, or layout tags, as the root restriction check is universal across them.

Risk and Exploitability

The CVSS base score for this flaw is 8.2, indicating a high severity. Attackers require the ability to place or modify a symlink within the allowed partials or layout directories, a capability that exists in environments where user input can influence uploaded themes, theme archives, or repository‑controlled template trees. The EPSS score is below 1 %, suggesting few exploitable public deployments at present, and the vulnerability is not present in CISA's KEV catalog. Nonetheless, once an attacker can write to the template root, exploitation is straightforward and could achieve code execution under the privileges of the running application. Implementing the fix removes the path containment flaw and eliminates the possibility of executing unintended templates.

Generated by OpenCVE AI on April 10, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update LiquidJS to version 10.25.3 or later to eliminate the path restriction bypass.
  • Ensure that directories used for partials and layouts are not writable by untrusted users and that symlinks are not allowed in those directories.
  • Review existing templates for unexpected symlinks and remove any that point outside the intended directory.



Advisories
Source | ID | Title
Github GHSA | GHSA-56p5-8mhr-2fph | LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
History

Fri, 10 Apr 2026 21:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Liquidjs; Liquidjs liquidjs
CPEs | | cpe:2.3:a:liquidjs:liquidjs:*:*:*:*:*:node.js:*:*
Vendors & Products | | Liquidjs; Liquidjs liquidjs
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Harttle; Harttle liquidjs
Vendors & Products | | Harttle; Harttle liquidjs

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Apr 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not realpath-based. Because of that, a file like partials/link.liquid passes the directory containment check as long as its pathname is under the allowed root. If link.liquid is actually a symlink to a file outside the allowed root, the filesystem follows the symlink when the file is opened and LiquidJS renders the external target. So the restriction is applied to the path string that was requested, not to the file that is actually read. This matters in environments where an attacker can place templates or otherwise influence files under a trusted template root, including uploaded themes, extracted archives, mounted content, or repository-controlled template trees. This vulnerability is fixed in 10.25.3.
Title | | LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates
Weaknesses | | CWE-61
References | |
Metrics | | cvssV4_0: {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Harttle Liquidjs
Liquidjs Liquidjs
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-08T19:53:00.573Z

Reserved: 2026-04-03T02:15:39.281Z

Link: CVE-2026-35525

Vulnrichment

Updated: 2026-04-08T19:52:57.329Z

NVD

Status: Analyzed

Published: 2026-04-08T20:16:24.913

Modified: 2026-04-10T21:19:03.210

Link: CVE-2026-35525

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:25:04Z

Weaknesses