cbcvebase.
CVE-2026-42315
published 2026-05-11

CVE-2026-42315: pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function…

PriorityP342medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
0.40%
31.3th percentile
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary directories as download locations for a package. This vulnerability is fixed in 0.5.0b3.dev100.

Affected

3 ranges
VendorProductVersion rangeFixed in
pyload-ng_projectpyload-ng< 0.5.0b3.dev1000.5.0b3.dev100
pyload-ng_projectpyload-ng>= 0 < 0.5.0b3.dev1000.5.0b3.dev100
pyloadpyload< 0.5.0b3.dev1000.5.0b3.dev100
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.