CVE-2026-35463: pyload-ng RCE via AntiVirus Plugin (HIGH)
Plattform
python
Komponente
pyload-ng
CVE-2026-35463 is a Remote Code Execution (RCE) vulnerability in pyload-ng. This vulnerability allows non-admin users with SETTINGS permission to achieve RCE by modifying the AntiVirus plugin configuration, specifically the executable path. This affects pyload-ng versions up to and including 0.5.0b3.dev96. No official patch is currently available.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-35463?
CVE-2026-35463 is a Remote Code Execution (RCE) vulnerability in pyload-ng that allows non-admin users to execute arbitrary code.
Am I affected by CVE-2026-35463?
You are affected if you are using pyload-ng version 0.5.0b3.dev96 or earlier and have non-admin users with SETTINGS permissions.
How can I fix or mitigate CVE-2026-35463?
Currently, there is no official patch available. Mitigation strategies may include restricting access to the AntiVirus plugin configuration and carefully validating user-supplied executable paths.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten