cbcvebase.
CVE-2026-42314
published 2026-05-11

CVE-2026-42314: pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string…

PriorityP338medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
0.34%
26.0th percentile
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ after replacement (partial removal), leaving .. which can be exploited when the path is later resolved by the OS. This vulnerability is fixed in 0.5.0b3.dev100.

Affected

3 ranges
VendorProductVersion rangeFixed in
pyload-ng_projectpyload-ng< 0.5.0b3.dev1000.5.0b3.dev100
pyload-ng_projectpyload-ng>= 0 < 0.5.0b3.dev1000.5.0b3.dev100
pyloadpyload< 0.5.0b3.dev1000.5.0b3.dev100
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.