What is GHSA-fpgm-mcvj-627x?

GHSA-fpgm-mcvj-627x is a security advisory published by GitHub Security Advisories with High severity. Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the...

Which CVE IDs does GHSA-fpgm-mcvj-627x cover?

GHSA-fpgm-mcvj-627x covers the following CVE IDs: CVE-2026-55201. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-fpgm-mcvj-627x?

GHSA-fpgm-mcvj-627x has a CVSS v3 base score of 6.8, published by GitHub Security Advisories.

GHSA-fpgm-mcvj-627xHighCVSS 6.8

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the...

Vendor

GitHub Security Advisories

Published

June 17, 2026

Last Modified

June 17, 2026

🔗 CVE IDs covered (1)

CVE-2026-55201 →

📋 Description

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem command output that are passed unsanitized to File.join(). Attackers controlling the remote server can exploit this to overwrite sensitive client-side files such as SSH authorized_keys or shell configuration files, achieving persistent access or privilege escalation on the client machine.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-55201
https://github.com/Hackplayers/evil-winrm/pull/81
https://github.com/Hackplayers/evil-winrm/commit/6ecd570a298562dc72ad73978307eb34182f5850
https://www.vulncheck.com/advisories/evil-winrm-path-traversal-in-download-dir-function
https://github.com/advisories/GHSA-fpgm-mcvj-627x