Low severity3.5GHSA Advisory· Published May 26, 2026· Updated May 26, 2026
CVE-2026-42448
CVE-2026-42448
Description
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists (as a directory). This vulnerability is fixed in 0.24.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magic-wormholePyPI | >= 0.23.0, < 0.24.0 | 0.24.0 |
Affected products
2- Range: = 0.23.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.