CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35463

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy credentials) to admin-only access. However, this protection is only applied to core config options, not to plugin config options. The AntiVirus plugin stores an executable path (avfile) in its config, which is passed directly to subprocess.Popen(). A non-admin user with SETTINGS permission can change this path to achieve remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.0%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2026-35463

Pyload-Ng Project » Pyload-Ng » Version: N/A

cpe:2.3:a:pyload-ng_project:pyload-ng:-
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev528

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev528
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev532

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev532
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev535

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev535
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev536

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev536
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev537

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev537
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev539

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev539
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev540

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev540
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev545

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev545
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev562

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev562
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev564

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev564
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a5.dev565

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev565
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a6.dev570

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev570
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a6.dev578

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev578
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a6.dev587

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev587
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a7.dev596

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a7.dev596
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a8.dev602

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a8.dev602
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a9.dev615

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev615
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a9.dev629

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev629
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a9.dev632

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev632
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a9.dev641

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev641
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a9.dev643

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev643
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a9.dev655

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev655
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0a9.dev806

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev806
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b1.dev1

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev1
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b1.dev2

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev2
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b1.dev3

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev3
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b1.dev4

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev4
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b1.dev5

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev5
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b2.dev10

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev10
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b2.dev11

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev11
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b2.dev12

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev12
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b2.dev9

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev9
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev13

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev13
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev14

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev14
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev17

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev17
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev18

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev18
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev19

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev19
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev20

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev20
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev21

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev21
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev22

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev22
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev24

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev24
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev26

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev26
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev27

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev27
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev28

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev28
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev29

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev29
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev30

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev30
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev31

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev31
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev32

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev32
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev33

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev33
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev34

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev34
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev35

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev35
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev38

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev38
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev39

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev39
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev40

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev40
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev41

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev41
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev42

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev42
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev43

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev43
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev44

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev44
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev45

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev45
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev46

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev46
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev47

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev47
Pyload-Ng Project » Pyload-Ng » Version: 0.5.0b3.dev78

cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev78

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35463

Products

Pricing

Contact Us