CVE-2026-41589 | charmbracelet wish up to 2.0.0 SCP Middleware charm.land/wish/v2 path traversal (GHSA-xjvp-7243-rg9h)

A vulnerability was found in charmbracelet wish up to 2.0.0 and classified as critical. The affected element is an unknown function of the file charm.land/wish/v2 of the component SCP Middleware. Such manipulation leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-41589. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More