CVE-2026-29778
📋 TL;DR
This vulnerability in pyLoad allows attackers to bypass directory traversal protections in the edit_package() function using recursive path sequences like '....//' or '..././'. This enables unauthorized file system access, potentially leading to file reading, modification, or deletion. Users running pyLoad versions 0.5.0b3.dev13 through 0.5.0b3.dev96 are affected.
💻 Affected Systems
- pyLoad
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary file write leading to remote code execution, sensitive data exposure, or service disruption.
Likely Case
Unauthorized file access allowing reading of configuration files, credentials, or sensitive user data stored on the server.
If Mitigated
Limited impact with proper file permissions and network segmentation, potentially only allowing access to non-critical files.
🎯 Exploit Status
Exploitation requires authenticated access to the edit_package function, but the bypass technique is simple and well-documented in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.5.0b3.dev97
Vendor Advisory: https://github.com/pyload/pyload/security/advisories/GHSA-6px9-j4qr-xfjw
Restart Required: Yes
Instructions:
1. Stop the pyLoad service.
2. Update to version 0.5.0b3.dev97 or later using pip: 'pip install --upgrade pyload-ng'.
3. Restart the pyLoad service.
🔧 Temporary Workarounds
Disable edit_package functionality
- Temporarily disable or restrict access to the vulnerable edit_package() function
- Modify pyLoad configuration to remove or restrict package editing permissions
Implement additional path validation
- Add custom path sanitization that properly handles recursive traversal sequences
- Implement path normalization using os.path.normpath() before processing
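The normalize-then-contain check suggested above, as an added example that is not pyLoad's own code. It contrasts the single-pass '../' stripping that recursive sequences defeat with a check made on the fully resolved path; the base directory and pack_folder values are constructed.

```python
import os
from typing import Optional

# Constructed download root; not a real pyLoad path.
BASE_DIR = "/srv/pyload/downloads"


def naive_strip_traversal(user_path: str) -> str:
    """The weak pattern behind this class of bug: one pass of '../' removal.
    '....//' and '..././' each collapse to '../' after the pass, so the
    traversal survives the "sanitization"."""
    return user_path.replace("../", "")


def unsafe_target(base_dir: str, user_path: str) -> str:
    """Strips once, then trusts the result. Escapes base_dir on recursive input."""
    return os.path.normpath(os.path.join(base_dir, naive_strip_traversal(user_path)))


def resolve_inside(base_dir: str, user_path: str) -> Optional[str]:
    """Hardened form: resolve the full path (normpath plus symlinks via realpath),
    then require that the resolved path is still under base_dir.
    Returns the absolute path when contained, None when it would escape.
    Because the check runs on the final resolved path, it does not matter
    how many '..' components the input smuggles past an earlier filter."""
    base = os.path.realpath(base_dir)
    # A leading separator would make os.path.join discard base_dir entirely.
    relative = user_path.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed pack_folder values of the kind described in the advisory.
    for pack_folder in ["videos/movie.mkv", "....//....//etc/passwd", "..././..././etc/passwd"]:
        print(repr(pack_folder))
        print("  strip-once target :", unsafe_target(BASE_DIR, pack_folder))
        print("  contained target  :", resolve_inside(BASE_DIR, naive_strip_traversal(pack_folder)))
```

Apply the containment check after any other sanitization, never instead of it being last; a None result is the signal to reject the request and log it.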
🧯 If You Can't Patch
- Restrict pyLoad service account permissions to minimal required directories
- Implement network segmentation to isolate pyLoad from sensitive systems
🔍 How to Verify
Check if Vulnerable:
If the installed pyLoad version is between 0.5.0b3.dev13 and 0.5.0b3.dev96 inclusive, the system is vulnerable.
Check Version:
Run pyload --version, or check the version information shown in the pyLoad web interface.
Verify Fix Applied:
Confirm version is 0.5.0b3.dev97 or later and test that path traversal sequences like '....//' are properly blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in pyLoad logs
- Multiple failed path traversal attempts
- Access to files outside expected download directories
Network Indicators:
- HTTP requests with unusual path sequences in pack_folder parameter
- Multiple edit_package requests with varying path patterns
SIEM Query:
source="pyload.log" AND ("edit_package" OR "pack_folder") AND (".." OR "../" OR "./")
Note: the ".." term already covers "../", and the "./" term will match ordinary relative paths, so expect to tune this query against your normal log volume before alerting on it.