20 matches found
CVE-2026-42448
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...
EUVD-2026-31947
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...
CVE-2026-42448
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...
Magic Wormhole 路径遍历漏洞
Magic Wormhole is an open-source, secure cross-computer file transfer tool. Versions of Magic Wormhole prior to 0.24.0 contained a path traversal vulnerability, which was due to the possibility of path traversal when the recipient specified an output directory...
GHSA-CF92-GFCW-6V53 Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed
Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...
dropship (=0.0.5), openadapt (>=0.15.1 <=0.46.0) +3 more potentially affected by CVE-2026-42448 via magic-wormhole (>=0.11.2 <=0.13.0)
magic-wormhole PYPI version =0.11.2, =0.15.1, =0.1.0, =0.1.0, =0.2.0, =0.7.0 Source cves: CVE-2026-42448 Source advisory: SNYK:PYTHON-MAGICWORMHOLE-16438994...
Directory Traversal
Overview magic-wormhole is a Securely transfer data between computers Affected versions of this package are vulnerable to Directory Traversal via the receive process when the --output parameter is set to an existing directory. An attacker can overwrite files outside the intended directory by...
Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed
Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
EUVD-2026-11643
Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite...
Directory Traversal
Overview magic-wormhole is a Securely transfer data between computers Affected versions of this package are vulnerable to Directory Traversal via the wormhole receive process. An attacker can overwrite arbitrary files on the local system by sending a crafted filename during file transfer. This is...
Linux Distros Unpatched Vulnerability : CVE-2026-32116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
UBUNTU-CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
CVE-2026-32116
Vulnerability: Magic Wormhole (wormhole receive) could overwrite critical local files on the recipient when receiving a file, affecting versions 0.21.0 through before 0.23.0. Root cause: receiving a file could overwrite targets like ~/.ssh/authorized_keys and .bashrc due to the transfer handling....
CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
Magic Wormhole 路径遍历漏洞
Magic Wormhole is a secure cross-computer file transfer tool developed under the open-source Magic-Wormhole project. Versions of Magic Wormhole from 0.21.0 to 0.23.0 contained a path traversal vulnerability. This vulnerability could allow malicious files to overwrite critical local files,...