Vulnerability Details CVE-2026-32808
pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction directory. During password verification, pyLoad derives an archive entry name from 7z listing output and treats it as a filesystem path without constraining it to the extraction directory. This issue has been fixed in version 0.5.0b3.dev97.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-32808
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev528
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev532
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev535
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev536
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev537
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev539
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev540
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev545
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev562
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev564
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev565
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev570
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev578
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev587
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a7.dev596
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a8.dev602
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev615
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev629
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev632
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev641
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev643
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev655
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev806
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev1
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev2
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev3
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev4
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev5
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev10
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev11
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev12
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev9
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev13
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev14
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev17
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev18
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev19
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev20
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev21
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev22
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev24
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev26
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev27
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev28
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev29
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev30
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev31
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev32
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev33
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev34
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev35
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev38
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev39
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev40
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev41
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev42
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev43
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev44
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev45
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev46
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev47
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev78
-
cpe:2.3:a:pyload:pyload:-
-
cpe:2.3:a:pyload:pyload:0.1
-
cpe:2.3:a:pyload:pyload:0.1.1
-
cpe:2.3:a:pyload:pyload:0.2
-
cpe:2.3:a:pyload:pyload:0.2.1
-
cpe:2.3:a:pyload:pyload:0.2.2
-
cpe:2.3:a:pyload:pyload:0.3
-
cpe:2.3:a:pyload:pyload:0.3.1
-
cpe:2.3:a:pyload:pyload:0.3.2
-
cpe:2.3:a:pyload:pyload:0.4
-
cpe:2.3:a:pyload:pyload:0.4.1
-
cpe:2.3:a:pyload:pyload:0.4.2
-
cpe:2.3:a:pyload:pyload:0.4.20
-
cpe:2.3:a:pyload:pyload:0.4.3
-
cpe:2.3:a:pyload:pyload:0.4.4
-
cpe:2.3:a:pyload:pyload:0.4.5
-
cpe:2.3:a:pyload:pyload:0.4.6
-
cpe:2.3:a:pyload:pyload:0.4.7
-
cpe:2.3:a:pyload:pyload:0.4.8
-
cpe:2.3:a:pyload:pyload:0.4.9