LOW
magic-wormhole
CVE published 2026-05-26
CVE-2026-42448
Magic Wormhole is a tool for transferring files and directories between computers. This CVE documents a path traversal vulnerability affecting versions prior to 0.24.0. The issue occurs when a receiver specifies an output directory that already exists as a directory using the --output flag. The vulnerability was published on 2026-05-26 and carries a LOW severity CVSS score of 3.5. The issue is classified [truncated]