cbcvebase.
CVE-2026-44226
published 2026-05-11

CVE-2026-44226: pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients…

PriorityP434medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.34%
25.4th percentile
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception (for example by requesting a non-existent template) and receive internal stack traces in the HTTP response. This vulnerability is fixed in 0.5.0b3.dev100.

Affected

3 ranges
VendorProductVersion rangeFixed in
pyload-ng_projectpyload-ng>= 0 < 0.5.0b3.dev1000.5.0b3.dev100
pyloadpyload< 0.5.0b3.dev1000.5.0b3.dev100
pyloadpyload< 2026-04-132026-04-13
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.