copyparty

by ocv.mev1.20.16

Last updated Jun 8, 2026

Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps

Visit homepage

Install with winget

$ winget install --id 9001.copyparty --exact --version 1.20.16

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v1.20.16

Architecture	Type	Scope	Install	Download
x64	Portable	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

12 known CVEs via NVD

low3.7Patched in wingetCVE-2026-32109affects before 1.20.12Mar 11, 2026
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim'...
Vendor advisory
medium6.5Patched in wingetCVE-2026-32108affects before 1.20.12Mar 11, 2026
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a...
Vendor advisory
medium4.6Patched in wingetCVE-2026-30974affects before 1.20.11Mar 10, 2026
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would e...
Patch Vendor advisory
medium5.4Patched in wingetCVE-2026-27948affects before 1.20.9Feb 25, 2026
Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter `?setck=...`. Version 1.20.9 fixes the issue.
Patch Vendor advisory
high7.5Patched in wingetCVE-2025-58753affects before 1.19.8Sep 9, 2025
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by gue...
Patch Vendor advisory
high7.8Patched in wingetCVE-2023-41471affects v1.9.1Aug 29, 2025
Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the serv...
high7.5Patched in wingetCVE-2025-54796affects before 1.18.9Aug 1, 2025
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18...
Patch Vendor advisory
medium6.3Patched in wingetCVE-2025-54589affects before 1.18.7Jul 31, 2025
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `<script>...
Patch Vendor advisory

Showing 8 of 12. Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

SFTPGoNicola Murino
drakkan.SFTPGovv2.7.3
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server. It can serve local filesystem, S3 (compatible) Object Storage, Google Cloud Storage, Azure Blob Storage and other SFTP servers.
F
ffsendTim Visée
TimVisee.ffsendv0.2.76
Easily and securely share files from the command line. A fully featured Firefox Send client.
LocalSendTien Do Nam
LocalSend.LocalSendv1.17.0
Share files to nearby devices. Free, open source, cross-platform. An open source cross-platform alternative to AirDrop.
WinpinatorŁukasz Świszcz
LukaszSwiszcz.Winpinatorv0.1.2
An unofficial port of Linux Mint's Warpinator for Windows.
Xlight FTP ServerXlight FTP
XlightFTP.XlightFTPv3.9.4.6
Powerful and Easy-to-Use SFTP and FTP Server.
C
crocschollz
schollz.crocv10.4.4
Easily and securely send things from one computer to another.Easily and securely send things from one computer to another.

More from ocv.me or browse copyparty, file-server, file-sharing.

Frequently asked questions

How do I install copyparty on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id 9001.copyparty --exact --version 1.20.16. winget downloads the installer from ocv.me and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install copyparty silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id 9001.copyparty --exact 1.20.16 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall copyparty via winget?

Run: winget uninstall --id 9001.copyparty --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from copyparty's Apps & Features entry.

Is copyparty free?

copyparty is distributed under MIT. Refer to the publisher (https://github.com/9001/copyparty/releases/tag/v1.19.17) for the full license terms - Wingetly itself does not charge for installation.

Does copyparty work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls copyparty directly from the publisher.

How do I keep copyparty up to date?

Run winget upgrade --id 9001.copyparty --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of copyparty from microsoft/winget-pkgs.

Recent versions

1.20.16latest
1.20.14
1.20.13
1.20.12
1.20.11
1.20.10
1.20.9
1.20.8
1.20.7
1.20.6