A vulnerability, which was classified as critical , has been found in Hackplayers evil-winrm up to 3.9 . Affected is the function download_dir of the component Configuration Handler . The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-55201 . The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.