Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: evil-winrm

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-55201
7.4 HIGH
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): Present (P)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Active (A)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): None (N)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): Present (P)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Active (A)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): None (N)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
updated 4 hours ago by @LeSuisse Activity log
  • Created suggestion 9 hours ago
  • @LeSuisse ignored reference https://w… 4 hours ago
  • @LeSuisse ignored package evil-winrm-py 4 hours ago
  • @LeSuisse accepted 4 hours ago
  • @LeSuisse published on GitHub 4 hours ago
Evil-WinRM - Path Traversal in download_dir() Function

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem command output that are passed unsanitized to File.join(). Attackers controlling the remote server can exploit this to overwrite sensitive client-side files such as SSH authorized_keys or shell configuration files, achieving persistent access or privilege escalation on the client machine.

References

Ignored references (1)

Affected products

evil-winrm
  • ==6ecd570a298562dc72ad73978307eb34182f5850
  • =<3.9

Matching in nixpkgs

pkgs.evil-winrm

WinRM shell for hacking/pentesting

  • nixos-unstable 3.7
    • nixpkgs-unstable 3.7
    • nixos-unstable-small 3.7
  • nixos-26.05 3.7
    • nixos-26.05-small 3.7
    • nixpkgs-26.05-darwin 3.7
Ignored packages (1)

pkgs.evil-winrm-py

Execute commands interactively on remote Windows machines using the WinRM protocol