CVE Catalog

CVE-2026-55201

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

Evil-WinRM up to version 3.9 contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory. Attackers can exploit this vulnerability to overwrite sensitive client-side files, leading to persistent access or privilege escalation.

Risk Assessment

Organizations may face serious security risks, including data loss and unauthorized access to systems, potentially leading to further attacks.

Recommendation

It is recommended to update Evil-WinRM to version 3.9 or later to mitigate this vulnerability and to review and secure sensitive files on clients.

Original NVD description (English source)

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem command output that are passed unsanitized to File.join(). Attackers controlling the remote server can exploit this to overwrite sensitive client-side files such as SSH authorized_keys or shell configuration files, achieving persistent access or privilege escalation on the client machine.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS