CVE

CVE-2026-29778

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

CVE

CVE-2026-29778

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The editpackage() function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences.

Exploitation

An authenticated user with MODIFY permission can bypass the sanitization by submitting a payload such as:

pack_folder=..././..././..././tmp

After the single-pass replacement, this becomes:

../../../tmp

Because the traversal sequences are not properly validated, the resulting normalized path escapes the intended storage directory and writes files to /tmp or other locations.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.1

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Related Resources

No items found.

References

https://github.com/pyload/pyload/security/advisories/GHSA-6px9-j4qr-xfjw, https://nvd.nist.gov/vuln/detail/CVE-2026-29778, https://github.com/pyload/pyload

Severity

7.1

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.1

EPSS Probability

0.00022%

EPSS Percentile

0.06189%

Introduced Version

0.5.0b3.dev13

Fix Available

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-29778

CVE-2026-29778

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.1

Basic Information

Fix Critical Vulnerabilities Instantly