Path Traversal Vulnerability in Evil-WinRM Affects Windows Servers
CVE-2026-55201

7.4 HIGH

Key Information:

Vendor
CVE Published: 17 June 2026

What is CVE-2026-55201?

Evil-WinRM versions prior to 3.9 contain a path traversal vulnerability in the download_dir() function. An attacker who controls a malicious remote Windows server can exploit the client by returning filenames that contain traversal sequences, which download_dir() does not sanitize before building the destination path. As a result, the attacker can write files outside of the designated download directory and overwrite sensitive files on the client side, such as SSH authorized_keys or shell configuration files. This can lead to persistent access to, or privilege escalation on, the affected client machine.
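The defensive check that a download routine needs here is to resolve the server-supplied name against the download directory and refuse anything that lands outside it. The following Ruby is an added example written for this page; it is not Evil-WinRM's code and not the project's fix. The function names, the download directory `/tmp/dl`, and the sample filenames are constructed for illustration.

```ruby
# Added example, not from the Evil-WinRM project. Demonstrates a containment
# check for server-supplied filenames before writing into a download directory.

class PathTraversalError < StandardError; end

# Returns the absolute destination path if `remote_name` resolves strictly
# inside `download_dir`; raises PathTraversalError otherwise.
# Uses File.absolute_path (not expand_path) so a leading "~" is never expanded.
def safe_download_path(download_dir, remote_name)
  base = File.absolute_path(download_dir)
  # A Windows server may return backslash-separated names; normalize them so
  # "..\\.." is treated as traversal rather than as a literal filename.
  normalized = remote_name.tr('\\', '/')
  candidate = File.absolute_path(normalized, base)
  # Compare against base plus a separator so "/tmp/dl2/x" cannot pass for
  # base "/tmp/dl"; the base directory itself ("." or "") is also rejected.
  prefix = base.end_with?(File::SEPARATOR) ? base : base + File::SEPARATOR
  unless candidate.start_with?(prefix)
    raise PathTraversalError,
          "rejected #{remote_name.inspect}: resolves to #{candidate}"
  end
  candidate
end

# Constructed sample of names a remote server might return (hypothetical).
SAMPLE_NAMES = [
  'report.txt',                    # plain file, accepted
  'logs/app.log',                  # subdirectory, accepted
  'logs/../report.txt',            # traversal that stays inside, accepted
  '../../.ssh/authorized_keys',    # classic escape, rejected
  '..\\..\\.bashrc',               # Windows-style escape, rejected
  '/etc/passwd',                   # absolute path ignores base, rejected
  '.',                             # resolves to the directory itself, rejected
].freeze

# Maps each name to its resolved path, or :rejected when the check fails.
def classify(download_dir, names = SAMPLE_NAMES)
  names.each_with_object({}) do |name, out|
    out[name] = begin
      safe_download_path(download_dir, name)
    rescue PathTraversalError
      :rejected
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  classify('/tmp/dl').each { |name, result| puts "#{name.inspect} => #{result}" }
end
```

The check is lexical: it contains the path string but does not follow symlinks, so a download directory that already holds a symlink pointing elsewhere would still need a `File.realpath` check on the existing parent before the write.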

Affected Version(s)

evil-winrm 0 <= 3.9

evil-winrm 6ecd570a298562dc72ad73978307eb34182f5850

References

CVSS V4

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tristan Madani (@TristanInSec)