CVE-2026-42314

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N                                    

Vulnerability Description

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ after replacement (partial removal), leaving .. which can be exploited when the path is later resolved by the OS. This vulnerability is fixed in 0.5.0b3.dev100.

Vulnerability Details

Published Date

May 05, 2026

Last Modified

May 11, 2026

CWE ID

CWE-22

Source

GitHub

Vendor

pip

Product

pyload-ng

External References

https://github.com/pyload/pyload/security/advisories/GHSA-97r3-5w84-r4q8
https://github.com/advisories/GHSA-97r3-5w84-r4q8

CVE-2026-42314

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment