Platform
python
Component
pyload-ng
Fixed in
0.5.1
0.5.0b3.dev97
CVE-2026-29778 describes a Path Traversal vulnerability discovered in pyload-ng, a Python-based download manager. This flaw allows authenticated users with MODIFY permission to bypass intended directory restrictions and potentially write files to arbitrary locations on the system. The vulnerability affects versions of pyload-ng up to and including 0.5.0b3.dev96, with a fix available in version 0.5.0b3.dev97.
The core of the vulnerability is insufficient sanitization of the packfolder parameter in the editpackage() function. The vulnerable implementation tries to prevent path traversal by deleting occurrences of "../" in a single, non-overlapping pass, which is easily bypassed with sequences that only become "../" after the deletion. For example, each "..././" segment loses its inner "../" and collapses to "../", so the payload ..././..././..././tmp becomes ../../../tmp and escapes the intended storage directory. Successful exploitation lets an attacker write files outside the download directory, which, depending on the permissions of the account running pyload-ng, may lead to overwriting critical system files, code execution, or access to sensitive data. The blast radius is limited to the host where pyload-ng runs and the privileges of that account.
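The following added example (not code from the pyload-ng project) reproduces the sanitization flaw described above and contrasts it with a resolve-and-verify check. The storage root `/var/lib/pyload/downloads` and the function names are assumptions for illustration; the point it shows beyond the text is that an iterative strip still passes absolute paths, and that a containment check must run on the path the server will actually use, after any transformation.

```python
import posixpath

# Assumed storage root for the example; pyload-ng's real path differs.
STORAGE_DIR = "/var/lib/pyload/downloads"


def sanitize_single_pass(packfolder):
    """Vulnerable pattern: remove "../" once.

    str.replace works left to right without overlap, so "..././" loses the
    inner "../" and what remains is "../" again.
    """
    return packfolder.replace("../", "")


def sanitize_iterative(packfolder):
    """Stripping until nothing changes closes the "..././" bypass, but still
    passes absolute paths untouched, so it is not sufficient on its own."""
    while "../" in packfolder:
        packfolder = packfolder.replace("../", "")
    return packfolder


def resolve_packfolder(packfolder, base=STORAGE_DIR):
    """Hardened approach: join onto the base, normalize, and verify that the
    result is still inside the base. Returns the resolved path or None.

    Uses posixpath so the check is deterministic offline; on a live system
    os.path.realpath should be used so symlinks are resolved as well.
    """
    base = posixpath.normpath(base)
    target = posixpath.normpath(posixpath.join(base, packfolder))
    if target != base and not target.startswith(base + "/"):
        return None
    return target


def escapes_storage(packfolder, base=STORAGE_DIR):
    """True if the given value, used as the server would use it, leaves base."""
    return resolve_packfolder(packfolder, base) is None


if __name__ == "__main__":
    payload = "..././..././..././tmp"  # constructed bypass input
    stripped = sanitize_single_pass(payload)
    print("single pass  :", stripped, "-> escapes:", escapes_storage(stripped))
    print("iterative    :", sanitize_iterative(payload))
    print("abs path     :", sanitize_iterative("/etc/passwd"),
          "-> escapes:", escapes_storage("/etc/passwd"))
    print("resolved safe:", resolve_packfolder("my/pack"))
    print("resolved bad :", resolve_packfolder(stripped))
```

Note that the raw payload contains no ".." segment, so validating it before the flawed strip would pass it; the containment check has to see the value that is finally joined onto the storage directory.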
This vulnerability was publicly disclosed on 2026-03-05. There is currently no indication of active exploitation campaigns targeting CVE-2026-29778. No public proof-of-concept (PoC) code has been released, but the vulnerability is relatively straightforward to exploit given the bypass of the single-pass sanitization. It is not currently listed on CISA KEV.
Users running pyLoad-ng versions prior to 0.5.0b3.dev97 are at risk, particularly those hosting the application on publicly accessible servers or within shared hosting environments. Systems where pyLoad-ng is used to process user-supplied input for file management are also at higher risk.
• python / server:

```python
import re

# Matches ".." followed by a separator or end of string, so it catches "../",
# "..\" and, crucially, recursive forms like "..././" that a single-pass
# "../" removal would collapse into real traversal sequences.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)")


def check_pack_folder(pack_folder):
    """Return True only if pack_folder is a relative path with no traversal."""
    # Absolute paths (POSIX or Windows drive letter) can never be a sub-folder.
    if pack_folder.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", pack_folder):
        print("Absolute paths are not allowed!")
        return False
    # Check the raw value, before any "../" stripping, for traversal segments.
    if ".." in pack_folder and TRAVERSAL_RE.search(pack_folder):
        print("Potential directory traversal attempt detected!")
        return False
    return True


# Example usage (replace with actual input)
if __name__ == "__main__":
    pack_folder = input("Enter pack_folder: ")
    if check_pack_folder(pack_folder):
        print("Pack folder is safe.")
    else:
        print("Pack folder is potentially unsafe.")
```

Disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-29778 is to upgrade pyload-ng to version 0.5.0b3.dev97 or later, which includes the corrected sanitization. If upgrading is not immediately feasible, restrict which accounts hold the MODIFY permission that edit_package() requires, and tighten filesystem permissions on the account running pyload-ng so that a successful write cannot reach sensitive locations. While not a complete solution, a Web Application Firewall (WAF) can be configured to block requests whose packfolder value contains ".." sequences, including obfuscated forms such as "..././". Monitor pyload-ng logs for unusual file access patterns or attempts to write outside the expected download directories.
Update pyLoad to version 0.5.0b3.dev97 or later. This version contains a fix for the path traversal vulnerability in the edit_package() function.
CVE-2026-29778 is a directory traversal vulnerability in pyLoad-ng versions up to 0.5.0b3.dev96 that lets an authenticated user with MODIFY permission write files outside the intended download directory by bypassing the single-pass "../" sanitization.
You are affected if you are using pyLoad-ng versions 0.5.0b3.dev13 through 0.5.0b3.dev96. Upgrade to 0.5.0b3.dev97 or later to mitigate the risk.
Upgrade pyLoad-ng to version 0.5.0b3.dev97 or later. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the vulnerability's severity warrants prompt mitigation.
Refer to the pyLoad-ng project's official website or GitHub repository for the latest security advisories and release notes.