CVE-2026-32808 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 20, 2026
pyLoad - Path Traversal
Published: March 20, 2026Updated: March 20, 2026Remote Exploitable
Overview
pyLoad < 0.5.0b3.dev97 contains a path traversal vulnerability caused by improper validation of archive entry names during password verification of certain encrypted 7z archives, letting attackers delete arbitrary files outside the extraction directory, exploit requires crafted encrypted 7z archive.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can delete arbitrary files outside the extraction directory, potentially leading to data loss or system disruption.
Mitigation
Update to version 0.5.0b3.dev97 or later.
Related Resources
Details
- CVE ID
- CVE-2026-32808
- Severity
- High
- CVSS Score
- 8.1
- Type
- path_traversal
- Status
- new
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H