PT-2026-38266 · Magic Wormhole+1 · Magic-Wormhole

Marduc812

Published

2026-05-06

Updated

2026-05-26

CVE-2026-42448

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Magic Wormhole versions prior to 0.24.0

Description A path traversal issue exists when a receiver uses the --output <dir> option and the specified output directory already exists on the system. Path traversal is a flaw that allows an attacker to access files or directories outside the intended folder by using special characters like dot-dot-slash (../).

Recommendations Update to version 0.24.0. Ensure local target directories specified by --output do not already exist.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-42448

GHSA-CF92-GFCW-6V53

Affected Products

Magic-Wormhole

PT-2026-38266 · Magic Wormhole+1 · Magic-Wormhole

CVE-2026-42448

Weakness Enumeration

Related Identifiers

Affected Products

References · 4