CVE-2026-35187: pyload-ng SSRF Vulnerability (HIGH)
Platform
python
Component
pyload-ng
CVE-2026-35187 is a Server-Side Request Forgery (SSRF) vulnerability in pyload-ng. This vulnerability allows authenticated users with ADD permission to fetch arbitrary URLs server-side without any URL validation, protocol restriction, or IP blacklist. This affects pyload-ng versions up to and including 0.5.0b3.dev96. No official patch is currently available.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-35187?
CVE-2026-35187 is a Server-Side Request Forgery (SSRF) vulnerability in pyload-ng that allows fetching arbitrary URLs.
Am I affected by CVE-2026-35187?
You are affected if you are using pyload-ng version 0.5.0b3.dev96 or earlier and have authenticated users with ADD permissions.
How can I fix or mitigate CVE-2026-35187?
Currently, there is no official patch available. Mitigation strategies may include carefully validating and sanitizing user-supplied URLs and restricting network access.