CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. This issue has been patched in version 0.5.0b3.dev97.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.8%

CVSS Severity

CVSS v3 Score 7.1

References

https://github.com/pyload/pyload/security/advisories/GHSA-6px9-j4qr-xfjw

Products affected by CVE-2026-29778

Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev13

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev13
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev14

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev14
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev17

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev17
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev18

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev18
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev19

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev19
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev20

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev20
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev21

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev21
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev22

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev22
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev24

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev24
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev26

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev26
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev27

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev27
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev28

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev28
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev29

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev29
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev30

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev30
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev31

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev31
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev32

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev32
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev33

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev33
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev34

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev34
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev35

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev35
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev38

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev38
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev39

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev39
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev40

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev40
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev41

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev41
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev42

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev42
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev43

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev43
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev44

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev44
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev45

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev45
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev46

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev46
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev47

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev47
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev78

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev78

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29778

Products

Pricing

Contact Us