Medium severity5.3GHSA Advisory· Published May 11, 2026· Updated May 18, 2026
CVE-2026-44226
CVE-2026-44226
Description
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<path:filename> is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception (for example by requesting a non-existent template) and receive internal stack traces in the HTTP response. This vulnerability is fixed in 0.5.0b3.dev100.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyload-ngPyPI | < 0.5.0b3.dev100 | 0.5.0b3.dev100 |
Affected products
3Patches
Vulnerability mechanics
References
3- github.com/pyload/pyload/security/advisories/GHSA-c3gc-9pf2-84ggnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-c3gc-9pf2-84ggghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-44226ghsaADVISORY
News mentions
0No linked articles in our index yet.