VYPR

PyPI package

magic-wormhole

pkg:pypi/magic-wormhole

Vulnerabilities (2)

  • CVE-2026-42448LowMay 26, 2026
    affected >= 0.23.0, < 0.24.0fixed 0.24.0

    Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists (as a directory). This vulnerability

  • CVE-2026-32116Mar 12, 2026
    affected >= 0.21.0, < 0.23.0fixed 0.23.0

    Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys