Unrated severityNVD Advisory· Published Mar 20, 2026· Updated Mar 25, 2026
pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification
CVE-2026-32808
Description
pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction directory. During password verification, pyLoad derives an archive entry name from 7z listing output and treats it as a filesystem path without constraining it to the extraction directory. This issue has been fixed in version 0.5.0b3.dev97.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/pyload/pyload/security/advisories/GHSA-7g4m-8hx2-4qh3mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.