CVE-2026-29778 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insuffi…
High CVSS: 7.1

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. This issue has been patched in version 0.5.0b3.dev97.
Vendor
Pyload-ng Project
Product
Pyload-ng
CWE
CWE-23
Yayın Tarihi
2026-03-07 16:15:54
Güncelleme
2026-03-11 22:09:15
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-23 Pyload-ng HIGH Pyload-ng Project 2026

Referanslar

https://github.com/pyload/pyload/security/advisories/GHSA-6px9-j4qr-xfjw