CVE-2026-35525
Published: 08 April 2026
Summary
CVE-2026-35525 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in LiquidJS (the liquidjs npm package). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 17.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): directly mitigates the vulnerability by requiring timely patching of LiquidJS to version 10.25.3 or later, which replaces the path-string containment check with one that accounts for symlinks.
AC-6 (Least Privilege): runs the template rendering process under an account that cannot read sensitive files outside the trusted root, so that even a followed symlink yields nothing worth exfiltrating.
CM-5 (Access Restrictions for Change): restricts who and what can write into the trusted template root directories, blocking attackers from planting symlinks via uploaded themes, extracted archives, mounted content, or repository-controlled template trees.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability lets an attacker read arbitrary local files that the rendering process can open, by routing a template include through a symlink that bypasses the root containment check (T1005, Data from Local System). Where the template engine renders attacker-influenced templates in a public-facing application, the same flaw is reachable over the network (T1190, Exploit Public-Facing Application).
NVD Description
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not realpath-based. Because of that, a file like partials/link.liquid passes the directory containment check as long as its pathname is under the allowed root. If link.liquid is actually a symlink to a file outside the allowed root, the filesystem follows the symlink when the file is opened and LiquidJS renders the external target. So the restriction is applied to the path string that was requested, not to the file that is actually read. This matters in environments where an attacker can place templates or otherwise influence files under a trusted template root, including uploaded themes, extracted archives, mounted content, or repository-controlled template trees. This vulnerability is fixed in 10.25.3.
Deeper analysis
CVE-2026-35525 is a vulnerability in LiquidJS, a Shopify- and GitHub Pages-compatible template engine implemented in pure JavaScript. Versions prior to 10.25.3 are affected due to improper path validation in the {% include %}, {% render %}, and {% layout %} tags. LiquidJS performs a path-based check to ensure candidate paths are within the configured partials or layouts roots before reading files, but the check operates on the requested path string and does not canonicalise it with realpath. As a result, a symlink such as partials/link.liquid, whose pathname sits under the allowed root, passes the check; when the file is opened the filesystem follows the link, and the engine renders the contents of a file outside the trusted root.
An attacker can exploit this wherever they can place or influence files under a trusted template root, for example through uploaded themes, extracted archives (tar and zip archives can carry symlink entries), mounted content, or repository-controlled template trees. The CVSS:3.1 vector scores the flaw as network-reachable with low complexity and no privileges (AV:N/AC:L/PR:N), but the precondition matters in practice: the attacker must already be able to put a symlink under the root, after which a single render request reads whatever the link points at (for instance a configuration file or private key readable by the rendering process). That yields high confidentiality impact (C:H) with no integrity or availability impact (I:N/A:N).
The vulnerability is fixed in LiquidJS version 10.25.3, as detailed in the project's security advisory (GHSA-56p5-8mhr-2fph), release notes, and associated pull request. Upgrade to 10.25.3 or later; where that is not immediately possible, ensure the rendering process cannot read sensitive files and that no untrusted party can write into the partials or layouts roots. The issue is rated 7.5 (High) under CVSS:3.1 and mapped to CWE-61 (UNIX Symbolic Link (Symlink) Following).
Details
- CWE(s): CWE-61 (UNIX Symbolic Link (Symlink) Following)