{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-55201/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-17T19:08:47.264Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-55201","@id":"https://www.cve.org/CVERecord?id=CVE-2026-55201","description":"Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem command output that are passed unsanitized to File.join(). Attackers controlling the remote server can exploit this to overwrite sensitive client-side files such as SSH authorized_keys or shell configu"},"products":[{"@id":"cpe:2.3:a:hackplayers:evil-winrm:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:hackplayers:evil-winrm:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 6ecd570a298562dc72ad73978307eb34182f5850.","timestamp":"2026-06-17T19:08:47.264Z"}]}