Skip to main content

Evil Winrm

1 CVEs product

Monthly

CVE-2026-55201 HIGH PATCH This Week

Path traversal in Evil-WinRM through 3.9 lets a malicious or compromised remote Windows server overwrite arbitrary files on the operator's client machine when the user invokes the download_dir() function. Because Evil-WinRM is the offensive operator's tool, this inverts the trust model - the 'target' Windows host becomes the attacker and the red teamer or admin running Evil-WinRM becomes the victim, with realistic outcomes including persistent SSH access via overwritten authorized_keys. No public exploit identified at time of analysis, but a public upstream patch (commit 6ecd570) discloses the exact unsanitized File.join() sink.

Path Traversal Privilege Escalation Microsoft Evil Winrm
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Path traversal in Evil-WinRM through 3.9 lets a malicious or compromised remote Windows server overwrite arbitrary files on the operator's client machine when the user invokes the download_dir() function. Because Evil-WinRM is the offensive operator's tool, this inverts the trust model - the 'target' Windows host becomes the attacker and the red teamer or admin running Evil-WinRM becomes the victim, with realistic outcomes including persistent SSH access via overwritten authorized_keys. No public exploit identified at time of analysis, but a public upstream patch (commit 6ecd570) discloses the exact unsanitized File.join() sink.

Path Traversal Privilege Escalation Microsoft +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy