CVE-2026-55201
CVE-2026-55201 affects Evil-WinRM (up to version 3.9). A path traversal in download_dir() can cause the server to generate filenames with traversal sequences from Get-ChildItem output, which are passed unsanitized to File.join(), enabling writes outside the intended download directory. Attackers ...