CVE-2026-42315 - Vulnerability Analysis
High
CVSS: 8.1
Last Updated: May 11, 2026
pyLoad - Path Traversal
Overview
pyLoad < 0.5.0b3.dev100 contains a path traversal vulnerability caused by a lack of sanitization of folder names in the set_package_data() API, which lets users with Perms.MODIFY specify arbitrary download directories. Exploitation requires the MODIFY permission.
Impact
Users with MODIFY permission can specify arbitrary directories for downloads, potentially leading to unauthorized file writes or data tampering.
Mitigation
Upgrade to version 0.5.0b3.dev100 or later.
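One way to confine a caller-supplied folder name to the download root, shown as an added example that is not pyLoad's code or its fix. The names `resolve_package_folder` and `UnsafeFolderError` and the sample inputs are hypothetical, and the demo assumes a POSIX system where symlinks can be created.

```python
import os
import tempfile
from pathlib import Path


class UnsafeFolderError(ValueError):
    """Raised when a requested package folder would leave the download root."""


def resolve_package_folder(download_root: str, folder: str) -> Path:
    """Return the absolute directory for `folder`, confined to `download_root`.

    Hypothetical helper for illustration; not part of pyLoad's API.
    """
    if not folder or "\x00" in folder:
        raise UnsafeFolderError("empty folder name or NUL byte")
    root = Path(download_root).resolve()
    # Joining with an absolute path silently discards `root`, and ".." or a
    # symlink can climb out of it, so resolve first and compare afterwards.
    candidate = (root / folder).resolve()
    if candidate != root and root not in candidate.parents:
        raise UnsafeFolderError(f"{folder!r} resolves outside {root}")
    return candidate


def demo() -> dict:
    """Run the check over constructed inputs and report accept/reject."""
    samples = [
        "movies/season1",        # ordinary subfolder
        "../outside",            # parent-directory traversal
        "movies/../../outside",  # traversal hidden behind a valid prefix
        "/absolute/elsewhere",   # absolute path replaces the root on join
        "escape/payload",        # symlink inside the root pointing out of it
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "downloads")
        os.makedirs(os.path.join(root, "movies"))
        os.symlink(tmp, os.path.join(root, "escape"))  # constructed symlink
        for value in samples:
            try:
                resolve_package_folder(root, value)
                results[value] = "accepted"
            except UnsafeFolderError:
                results[value] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

The check compares resolved paths, so it only holds if the directory is created and written through the returned path rather than the original string.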
Social Media Activity (2 posts)
CVE-2026-42315 - High (8.1) pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowi... https://www.thehackerwire.com/vulnerability/CVE-2026-42315/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-42315
- Severity: High
- CVSS Score: 8.1
- Type: path_traversal
- Status: new
- EPSS: 5.9%
- Social Posts: 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H