Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite
Description
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file (the party who runs wormhole send) can mount the attack. Other parties (including the transit/relay servers) are excluded by the wormhole protocol. This vulnerability is fixed in 0.23.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Magic Wormhole before 0.23.0 allows malicious senders to overwrite critical local files via crafted filenames in file transfers.
Vulnerability
Overview
Magic Wormhole versions 0.21.0 through 0.22.x contain a path traversal vulnerability in the wormhole receive command. The root cause is the accidental removal of a basename() check on incoming filenames during a refactoring in version 0.21.0 [2]. Without this check, a malicious sender can provide a filename containing path components like ../../.bashrc, causing the receiver to write the file to an arbitrary location outside the intended directory.
Exploitation
An attacker must be the sender of a file transfer (i.e., run wormhole send) to exploit this vulnerability. Other parties, including transit and relay servers, are excluded by the wormhole protocol [1][2]. The attack requires no additional privileges on the receiver's system; the receiver simply accepts the transfer, and the malicious filename is used to determine the write destination. The attacker can craft filenames that target sensitive files such as ~/.ssh/authorized_keys, ~/.bashrc, or other configuration files.
Impact
Successful exploitation allows overwriting critical local files, which can lead to full compromise of the receiver's computer. For example, overwriting authorized_keys could allow the attacker to install their SSH key and gain persistent remote access, while overwriting shell startup scripts could execute arbitrary commands on login [1][2].
Mitigation
This vulnerability is fixed in Magic Wormhole version 0.23.0, which restores the basename check and adds a unit test to prevent regression [2]. Users should upgrade immediately. As a workaround, the receiver can override the sender's filename using the --output or -o option to specify a safe local path on every invocation of wormhole receive [2].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magic-wormholePyPI | >= 0.21.0, < 0.23.0 | 0.23.0 |
Affected products
1- magic-wormhole/magic-wormholev5Range: >= 0.21.0, < 0.23.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-4g4c-mfqg-pj8rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-32116ghsaADVISORY
- github.com/magic-wormhole/magic-wormhole/security/advisories/GHSA-4g4c-mfqg-pj8rghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.