CVE-2026-55201
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
Evil-WinRM up to version 3.9 contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory. Attackers can exploit this vulnerability to overwrite sensitive client-side files, leading to persistent access or privilege escalation.
Risk Assessment
Organizations may face serious security risks, including data loss and unauthorized access to systems, potentially leading to further attacks.
Recommendation
It is recommended to update Evil-WinRM to version 3.9 or later to mitigate this vulnerability and to review and secure sensitive files on clients.
Original NVD description (English source)
Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem command output that are passed unsanitized to File.join(). Attackers controlling the remote server can exploit this to overwrite sensitive client-side files such as SSH authorized_keys or shell configuration files, achieving persistent access or privilege escalation on the client machine.

