CVE-2026-35459: pyload-ng SSRF Bypass via Redirects (CRITICAL)
Platform: python
Component: pyload-ng
CVE-2026-35459 is a Server-Side Request Forgery (SSRF) vulnerability in pyload-ng. This vulnerability allows authenticated users with ADD permission to bypass the SSRF protection by submitting a URL that redirects to an internal address. This affects pyload-ng versions up to and including 0.5.0b3.dev96. No official patch is currently available.
How to fix
No official patch is available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-35459?
CVE-2026-35459 is a Server-Side Request Forgery (SSRF) vulnerability in pyload-ng that allows bypassing SSRF protection via HTTP redirects.
Am I affected by CVE-2026-35459?
You are affected if you are using pyload-ng version 0.5.0b3.dev96 or earlier and have authenticated users with ADD permissions.
How can I fix or mitigate CVE-2026-35459?
Currently, there is no official patch available. Mitigation strategies may include carefully validating and sanitizing user-supplied URLs and disabling HTTP redirects.
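One way to apply the redirect mitigation above, as an added example that is not pyload-ng code: turn off automatic redirect following and re-validate the resolved address of every hop before requesting it. The `get_location` callable, the redirect budget and the sample hosts and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5  # assumption: redirect budget chosen for this example


def resolve(host):
    """Return every IP address the host name resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public(url, resolver=resolve):
    """True only for http(s) URLs whose host resolves solely to global addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = resolver(parts.hostname)
    except (OSError, KeyError):
        return False  # unresolvable host: fail closed
    return bool(addrs) and all(
        ipaddress.ip_address(a.split("%")[0]).is_global for a in addrs
    )


def follow_checked(url, get_location, resolver=resolve):
    """Walk the redirect chain hop by hop; return the final URL or raise ValueError.

    get_location (hypothetical) sends one request with automatic redirects
    disabled and returns the Location header, or None when there is none.
    """
    for _ in range(MAX_HOPS + 1):
        if not is_public(url, resolver):
            raise ValueError(f"blocked destination: {url}")
        location = get_location(url)
        if location is None:
            return url
        url = urljoin(url, location)  # Location may be relative
    raise ValueError("too many redirects")


# Constructed sample data standing in for DNS and for HTTP responses.
FAKE_DNS = {"files.example.com": {"93.184.216.34"},
            "redirector.example.net": {"93.184.216.34"},
            "10.0.0.5": {"10.0.0.5"}}
FAKE_REDIRECTS = {"http://files.example.com/old.zip": "/new.zip",
                  "http://redirector.example.net/go": "http://10.0.0.5/"}

if __name__ == "__main__":
    print(follow_checked("http://files.example.com/old.zip",
                         FAKE_REDIRECTS.get, FAKE_DNS.__getitem__))
```

The check and the real connection resolve the host name separately, so a production fetcher should connect to the address that was validated rather than resolving the name a second time.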