Skip to main content

pyLoad-ng CVE-2026-45306

| EUVDEUVD-2026-32958 MEDIUM
Use of Incorrectly-Resolved Name or Reference (CWE-706)
2026-05-14 https://github.com/pyload/pyload GHSA-w727-595x-pc3r
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch available
May 28, 2026 - 20:02 EUVD
Source Code Evidence Fetched
May 14, 2026 - 21:19 vuln.today
Analysis Generated
May 14, 2026 - 21:19 vuln.today
CVE Published
May 14, 2026 - 20:17 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

Summary

The fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect the Flask session directory (/tmp/pyLoad/flask). An authenticated attacker can set storage_folder to the session directory and download session files of other users via /files/get/, leading to account takeover.

Details

The fix in src/pyload/core/api/__init__.py:

python
directories = [PKGDIR, userdir]
if any(directories[0].startswith(d) for d in directories[1:]):
    return
# blocked

But the Flask session directory is:

python
session_storage_path = os.path.join(api.get_cachedir(), "flask")
# = /tmp/pyLoad/flask  ← NOT blocked by fix

Attack Chain

  1. Attacker (admin) sets storage_folder = /tmp/pyLoad/flask
  2. Fix does NOT block this - /tmp/pyLoad/flask not inside PKGDIR or userdir
  3. Attacker requests GET /files/get/<victim_session_filename>
  4. send_from_directory('/tmp/pyLoad/flask', session_file) serves victim's session
  5. Attacker uses stolen session → Account Takeover

PoC

<img width="592" height="408" alt="POC" src="https://github.com/user-attachments/assets/936b9f56-325b-437d-9edd-e0d5bb995187" />

python
import os

PKGDIR = "/usr/lib/python3/dist-packages/pyload"
userdir = os.path.expanduser("~/.pyload")
session_dir = "/tmp/pyLoad/flask"

correct_case = lambda x: x
directories = [
    correct_case(os.path.join(os.path.realpath(d), ""))
    for d in [session_dir, PKGDIR, userdir]
]
blocked = any(directories[0].startswith(d) for d in directories[1:])

print(f"Fix blocks session_dir: {blocked}")
# Output: Fix blocks session_dir: False  ← BYPASS CONFIRMED

Impact

Authenticated admin can steal sessions of other users → Account Takeover.

Suggested Fix

python
blocked_dirs = [PKGDIR, userdir, api.get_cachedir()]
directories = [
    os.path.join(os.path.realpath(d), "")
    for d in [value] + blocked_dirs
]
if any(directories[0].startswith(d) for d in directories[1:]):
    return

AnalysisAI

Authenticated admin users in pyLoad-ng can bypass the CVE-2026-33509 fix by setting the storage_folder to the Flask session directory (/tmp/pyLoad/flask), then downloading and reusing session files of other users via the /files/get/ endpoint to achieve account takeover. The original patch failed to block access to the session cache directory, leaving it accessible through the directory traversal protection bypass. Publicly available proof-of-concept code confirms the bypass is functional.

Technical ContextAI

pyLoad-ng is a Python-based download manager with a Flask web interface that stores user session files in /tmp/pyLoad/flask. The vulnerability stems from an incomplete patch to CVE-2026-33509 in src/pyload/core/api/__init__.py, which validates that storage_folder cannot be set inside PKGDIR (/usr/lib/python3/dist-packages/pyload) or userdir (~/.pyload), but fails to block the Flask session cache directory (api.get_cachedir()/flask). The /files/get/ endpoint uses send_from_directory() to serve files from the configured storage_folder without proper path validation against all sensitive directories. CWE-706 (Incorrect Comparison) describes the root cause: the comparison logic is incomplete, missing a critical directory from the allowlist of blocked paths. The underlying issue is path traversal control bypass combined with improper access control to sensitive system directories.

RemediationAI

Apply the vendor-provided patch by modifying src/pyload/core/api/__init__.py to include api.get_cachedir() in the list of blocked directories. The corrected code should validate that storage_folder does not reside within PKGDIR, userdir, or api.get_cachedir(). Exact patched version confirmation is pending from the pyLoad project; check https://github.com/pyload/pyload/security/advisories/GHSA-w727-595x-pc3r for the official patch release. As an interim compensating control on Linux systems, restrict write permissions on /tmp/pyLoad/flask to the pyLoad process user only and prevent unprivileged users from modifying storage_folder settings through role-based access control. Disable the /files/get/ endpoint entirely if not required for legitimate use, or implement allowlist-based path validation that prevents access to any directory outside a designated safe directory. Monitor Flask session files in /tmp/pyLoad/flask for unauthorized access or deletion, as these may indicate exploitation attempts.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-45306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy