ByteOS Network

NVD Vulnerability Details :

CVE-2026-32808

Analyzed

Source-security-advisories@github.com

Published At-20 Mar, 2026 | 02:16

Updated At-26 Mar, 2026 | 18:36

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction directory. During password verification, pyLoad derives an archive entry name from 7z listing output and treats it as a filesystem path without constraining it to the extraction directory. This issue has been fixed in version 0.5.0b3.dev97.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CPE Matches

pyload>>pyload>>Versions up to 0.4.20(inclusive)

cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*

pyload-ng_project>>pyload-ng>>Versions from 0.5.0a5.dev528(inclusive) to 0.5.0b3.dev97(exclusive)

cpe:2.3:a:pyload-ng_project:pyload-ng:*:*:*:*:*:python:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	security-advisories@github.com

CWE ID: CWE-22

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/pyload/pyload/security/advisories/GHSA-7g4m-8hx2-4qh3	security-advisories@github.com	Exploit Mitigation Vendor Advisory

Hyperlink: https://github.com/pyload/pyload/security/advisories/GHSA-7g4m-8hx2-4qh3

Source: security-advisories@github.com

Resource:

Exploit

Mitigation

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History