Description
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0.
Published: 2026-05-28
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises in the FileSystemLoader and CachingFileSystemLoader of Python Liquid when an absolute path is supplied to resolve a file. Because the loaders do not enforce the defined search path, a malicious template author can include and render files located outside the intended directory. If those files contain valid Liquid markup and the application process can read them, the data will be displayed in the rendered output, allowing an attacker to read arbitrary host files and compromise confidentiality.

Affected Systems

All releases of the Python Liquid engine prior to version 2.2.0 are affected. The maintainer, jg-rp, fixed the issue in 2.2.0. No specific sub-version data was provided, so any installation older than 2.2.0 needs updating.

Risk and Exploitability

The CVSS score of 8.2 classifies this flaw as high severity. It is not listed in CISA's KEV catalog, indicating no known active exploitation. The EPSS score is not available. The likely attack vector is a template author who can supply an absolute file path to {% include %} or {% render %}. Based on the description, it is inferred that the attacker must be able to influence template rendering within the application, such as via a web interface that accepts user-generated templates. If such control exists, the attacker can reference any readable file on the host system and retrieve its contents.

Generated by OpenCVE AI on May 28, 2026 at 16:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Python Liquid 2.2.0 or newer where path restrictions are enforced.
  • If upgrading is not immediately possible, configure the FileSystemLoader to reference a dedicated read-only directory and validate that no absolute paths are passed to {% include %} or {% render %} by sanitizing template input.
  • Verify that user-supplied templates are not processed or that template rendering is isolated from the application context to prevent arbitrary file read.
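As an added illustration of the loader behaviour and the mitigation described above (example code, not Python Liquid's own loader), the following shows why a plain path join silently drops the search path when the template name is absolute, and a lexical containment check that rejects absolute names and parent-directory escapes before any file is opened. The search path and template names are constructed for the example.

```python
"""Added illustration (not Python Liquid's own code): why joining a search
path with an absolute template name escapes the loader, and a containment
check a filesystem loader can apply before opening anything."""
import posixpath

# Constructed search path used by the demo below.
SEARCH_PATH = "/srv/app/templates"


def naive_join(search_path: str, name: str) -> str:
    """The unsafe pattern: os.path.join and pathlib's '/' both discard
    `search_path` entirely when `name` is absolute, so the loader ends up
    reading wherever `name` points instead of inside the search path."""
    return posixpath.join(search_path, name)


def confine(search_path: str, name: str):
    """Return the normalised path of `name` inside `search_path`, or None
    when the name is absolute, empty, or climbs out of the search path
    (for example 'a/../../etc/x'). POSIX semantics are assumed; a loader
    on Windows would use ntpath instead. This is a lexical check only: a
    loader that then opens the file should also realpath() it and repeat
    the containment test so a symlink under the search path cannot point
    elsewhere."""
    if not name or posixpath.isabs(name):
        return None
    base = posixpath.normpath(search_path)
    prefix = base if base.endswith("/") else base + "/"
    candidate = posixpath.normpath(posixpath.join(base, name))
    # Containment: the candidate must sit strictly below the search path.
    if not candidate.startswith(prefix):
        return None
    return candidate


if __name__ == "__main__":
    for name in ["partials/header.liquid", "/etc/hostname",
                 "../../etc/hostname", "partials/../footer.liquid"]:
        print(f"{name!r:32} naive={naive_join(SEARCH_PATH, name)!r:40} "
              f"confined={confine(SEARCH_PATH, name)!r}")
```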


Advisories
Source: GitHub GHSA
ID: GHSA-8p4x-wr7x-3788
Title: python-liquid: Absolute paths escape filesystem loader search path
History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Jg-rp python Liquid
CPEs cpe:2.3:a:jg-rp:python_liquid:*:*:*:*:*:python:*:*
Vendors & Products Jg-rp python Liquid
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Jg-rp, Jg-rp liquid
Vendors & Products Jg-rp, Jg-rp liquid

Thu, 28 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 28 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0.
Title Python Liquid: Absolute paths escape filesystem loader search path
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Jg-rp Liquid Python Liquid
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T15:57:12.837Z

Reserved: 2026-05-08T16:58:28.895Z

Link: CVE-2026-45017

Vulnrichment

Updated: 2026-05-28T15:57:09.374Z

NVD

Status : Analyzed

Published: 2026-05-28T16:16:25.883

Modified: 2026-06-03T00:43:16.730

Link: CVE-2026-45017

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:48:27Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')