VYPR

Magic Wormhole

by Magic Wormhole

Source repositories

CVEs (2)

  • CVE-2026-42448LowMay 26, 2026
    risk 0.16cvss 3.5epss 0.00

    Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists (as a directory). This vulnerability…

  • CVE-2026-32116Mar 12, 2026
    risk 0.00cvss epss 0.00

    Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys…