CVE-2026-55201 | Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a … | CVSS 6.8 MEDIUM

Description

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem command output that are passed unsanitized to File.join(). Attackers controlling the remote server can exploit this to overwrite sensitive client-side files such as SSH authorized_keys or shell configuration files, achieving persistent access or privilege escalation on the client machine.

Metadata

CVE ID: CVE-2026-55201
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-16 15:53 UTC
Published: 2026-06-17 19:08 UTC
Last updated: 2026-06-17 19:08 UTC
Primary CWE: CWE-22
Improper Limitation of a Pathname to a Restricted Directory …
Vendor / Product: Hackplayers / evil-winrm
Sources: cve.org · NVD

Severity & Metrics

6.8 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Hackplayers	evil-winrm	—	0 ≤ 3.9, 6ecd570a298562dc72ad73978307eb34182f5850

Weakness (CWE)

CWE	Source	Description
CWE-22	cna	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS scores (2)

Score	Severity	Version	Source	Vector
7.4	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
6.8	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

References (3)