Magic Wormhole Path Traversal Vulnerability in File Transfer Output Directory Specification

Vulnerability

A path traversal vulnerability has been identified in Magic Wormhole versions prior to 0.24.0. The issue occurs when a receiver specifies an output directory that already exists as a directory. Magic Wormhole transfers arbitrary-sized files and directories from one computer to another; in this case, the path traversal creates the potential for unintended file overwrites during a transfer.

Impact

Exploitation of this vulnerability could lead to unintended file overwrites in the specified output directory, allowing for potential manipulation or loss of data.

Remediation

Users can upgrade to Magic Wormhole version 0.24.0 or later to address this vulnerability. Alternatively, ensure that the local target directory specified with the '--output' option does not already exist as a directory.
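
A pre-flight check for the two remediations above, as an added example that is not part of the advisory or of Magic Wormhole's own code. The function names are hypothetical, the distribution name passed to importlib.metadata is "magic-wormhole", and treating pre-releases of 0.24.0 as unfixed is an assumption made here.

```python
import re
import tempfile
from importlib import metadata
from pathlib import Path

FIXED = (0, 24, 0)  # first fixed release named in the advisory


def parse_version(text):
    """Return ((major, minor, patch), suffix); compared numerically, so 0.9 < 0.24."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups()[:3]), m.group(4)


def is_fixed(version_text):
    """True for 0.24.0 final or later (assumption: 0.24.0 pre-releases are unfixed)."""
    nums, suffix = parse_version(version_text)
    if nums == FIXED:
        return suffix == "" or suffix.startswith((".post", "+"))
    return nums > FIXED


def receive_is_safe(version_text, output):
    """Apply both remediations to a planned `wormhole receive --output`; (ok, reason)."""
    if is_fixed(version_text):
        return True, "installed version is 0.24.0 or later"
    if output is not None and Path(output).is_dir():  # follows symlinks to directories
        return False, f"--output target {output!r} already exists as a directory"
    return True, "vulnerable version, but --output is not an existing directory"


def installed_version():
    """Version of the installed magic-wormhole distribution, or None if absent."""
    try:
        return metadata.version("magic-wormhole")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    print("installed:", installed_version())
    with tempfile.TemporaryDirectory() as existing:  # constructed sample paths
        fresh = str(Path(existing) / "incoming")     # does not exist yet
        for ver, out in [("0.23.0", existing), ("0.23.0", fresh), ("0.24.0", existing)]:
            print(ver, out, receive_is_safe(ver, out))
```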

Added: May 26, 2026, 10:42 PM
Updated: May 26, 2026, 10:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.