CVE-2026-32808

High CVSS: 8.1

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction directory. During password verification, pyLoad derives an archive entry name from 7z listing output and treats it as a filesystem path without constraining it to the extraction directory. This issue has been fixed in version 0.5.0b3.dev97.

Vendor

Pyload

Product

Pyload

CWE

CWE-22

Yayın Tarihi

2026-03-20 02:16:34

Güncelleme

2026-03-26 18:36:48

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Pyload HIGH Pyload 2026

Referanslar

https://github.com/pyload/pyload/security/advisories/GHSA-7g4m-8hx2-4qh3

Benzer Kayıtlar

Critical

CVE-2026-33992

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download e…

High

CVE-2026-33509

pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97,…

High

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97…