File Overwrite Vulnerability in Magic Wormhole by Ipython
CVE-2026-32116

8.2 HIGH

Key Information:

Vendor
CVE Published: 12 March 2026

What is CVE-2026-32116?

Magic Wormhole transfers arbitrary-sized files and directories between computers. In versions 0.21.0 to 0.22.0, a malicious sender can overwrite critical local files on the receiver's machine, such as ~/.ssh/authorized_keys and .bashrc, which could lead to serious security compromises. The issue is mitigated in version 0.23.0, so receivers should run that version or later.

Affected Version(s)

magic-wormhole >= 0.21.0, < 0.23.0

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
