Vulnerability Details CVE-2026-42314
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ after replacement (partial removal), leaving .. which can be exploited when the path is later resolved by the OS. This vulnerability is fixed in 0.5.0b3.dev100.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.6%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-42314
-
cpe:2.3:a:pyload-ng_project:pyload-ng:-
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev528
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev532
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev535
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev536
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev537
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev539
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev540
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev545
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev562
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev564
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a5.dev565
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev570
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev578
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a6.dev587
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a7.dev596
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a8.dev602
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev615
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev629
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev632
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev641
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev643
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev655
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0a9.dev806
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev1
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev2
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev3
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev4
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b1.dev5
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev10
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev11
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev12
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b2.dev9
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev13
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev14
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev17
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev18
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev19
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev20
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev21
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev22
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev24
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev26
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev27
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev28
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev29
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev30
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev31
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev32
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev33
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev34
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev35
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev38
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev39
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev40
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev41
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev42
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev43
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev44
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev45
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev46
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev47
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev48
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev49
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev50
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev51
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev52
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev53
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev54
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev57
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev60
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev62
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev64
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev65
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev66
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev67
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev68
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev69
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev70
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev71
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev72
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev73
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev74
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev75
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev76
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev77
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev78
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev79
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev80
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev81
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev82
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev85
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev87
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev88
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev89
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev90
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev91
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev92
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev93
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev94
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev95
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev96
-
cpe:2.3:a:pyload-ng_project:pyload-ng:0.5.0b3.dev97