CVE-2026-44226

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters

Summary pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...