=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN258
_____________________________________________________________________

DATE                : 05/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running pyload-ng (pip) versions prior
                     to 0.5.0b3.dev97.

=====================================================================
https://github.com/pyload/pyload/security/advisories/GHSA-6px9-j4qr-xfjw
_____________________________________________________________________


Arbitrary File Write via Path Traversal in edit_package()
High
GammaC0de published GHSA-6px9-j4qr-xfjw Mar 4, 2026

Package
pyload-ng (pip)

Affected versions
0.5.0b3

Patched versions
pyload-ng 0.5.0b3.dev97


Description

The edit_package() function implements insufficient sanitization for
the pack_folder parameter. The current protection relies on a
single-pass string replacement of "../", which can be bypassed using
crafted recursive traversal sequences.

Exploitation

An authenticated user with MODIFY permission can bypass the
sanitization by submitting a payload such as:
pack_folder=..././..././..././tmp

After the single-pass replacement, this becomes:
../../../tmp

Because the traversal sequences are not properly validated, the
resulting normalized path escapes the intended storage directory
and writes files to /tmp or other locations.
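The following Python snippet is an added illustration, not pyLoad's own code: naive_sanitize() reconstructs the single-pass "../" strip described above (a hypothetical stand-in for the real function), vulnerable_resolve() shows where a strip-then-join design ends up for the advisory's payload, and safe_join() shows the fix a maintainer would want: decide containment on the fully resolved path with os.path.commonpath() instead of filtering substrings. The storage directory /srv/pyload/storage is a constructed sample value.

```python
import os


def naive_sanitize(pack_folder: str) -> str:
    # Single-pass removal of "../", the weak check described in the advisory.
    # Hypothetical reconstruction for illustration, not pyLoad's actual code.
    return pack_folder.replace("../", "")


def vulnerable_resolve(storage_dir: str, pack_folder: str) -> str:
    # Strip-then-join: the stripped string still contains traversal
    # components, so the normalized result leaves storage_dir.
    return os.path.normpath(os.path.join(storage_dir, naive_sanitize(pack_folder)))


def safe_join(storage_dir: str, pack_folder: str) -> str:
    """Return the resolved path for pack_folder under storage_dir, or raise.

    Containment is decided on the resolved path, not by removing substrings,
    so repeated or nested traversal sequences make no difference: either the
    final path is under storage_dir or it is rejected.  Apply this check to
    whatever string is actually joined (if code still strips first, check the
    stripped result).
    """
    base = os.path.realpath(storage_dir)
    if os.path.isabs(pack_folder):
        # An absolute pack_folder would make os.path.join discard base entirely.
        raise ValueError(f"absolute pack_folder rejected: {pack_folder!r}")
    candidate = os.path.realpath(os.path.join(base, pack_folder))
    # commonpath avoids the classic startswith() mistake, where
    # /srv/pyload/storage-evil would pass for base /srv/pyload/storage.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"pack_folder escapes storage directory: {pack_folder!r}")
    return candidate


def is_safe_pack_folder(storage_dir: str, pack_folder: str) -> bool:
    # Boolean wrapper around safe_join() for use in request validation.
    try:
        safe_join(storage_dir, pack_folder)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    STORAGE = "/srv/pyload/storage"    # constructed sample location
    payload = "..././..././..././tmp"  # the bypass string from the advisory
    print("after single-pass strip:", naive_sanitize(payload))
    print("vulnerable resolve     :", vulnerable_resolve(STORAGE, payload))
    for folder in (payload, naive_sanitize(payload), "packages/demo", "/tmp"):
        print(f"{folder!r:28} contained={is_safe_pack_folder(STORAGE, folder)}")
```

Note that the raw payload itself passes safe_join(): without the strip, "..." is just an odd directory name under the storage root, which is exactly why the check belongs on the final resolved path rather than on a pattern in the input.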


Severity
High
7.1 / 10

CVSS v3 base metrics
Attack vector      : Network
Attack complexity  : Low
Privileges required: Low
User interaction   : None
Scope              : Unchanged
Confidentiality    : None
Integrity          : High
Availability       : Low
Vector string      : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CVE ID
CVE-2026-29778

Weaknesses
CWE-23 (Relative Path Traversal)

Credits

    @BaranTeyin1 (Reporter)
    @MetinGerdan (Reporter)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================