VYPR
Medium severity5.3GHSA Advisory· Published May 11, 2026· Updated May 18, 2026

CVE-2026-44226

CVE-2026-44226

Description

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<path:filename> is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception (for example by requesting a non-existent template) and receive internal stack traces in the HTTP response. This vulnerability is fixed in 0.5.0b3.dev100.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pyload-ngPyPI
< 0.5.0b3.dev1000.5.0b3.dev100

Affected products

3
  • Pyload/PyloadGHSA2 versions
    < 0.5.0b3.dev100+ 1 more
    • (no CPE)range: < 0.5.0b3.dev100
    • cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*range: <2026-04-13
  • ghsa-coords
    Range: < 0.5.0b3.dev100

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.