NIXPKGS-2026-0967

GitHub issue published on

Permalink CVE-2026-35586

6.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 weeks ago
@LeSuisse ignored
5 packages
- python312Packages.pyloadapi
- python313Packages.pyloadapi
- python314Packages.pyloadapi
- home-assistant-component-tests.pyload
- tests.home-assistant-component-tests.pyload
3 weeks ago
@LeSuisse accepted 3 weeks ago
@LeSuisse published on GitHub 3 weeks ago

Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value() uses incorrect option names ssl_cert and ssl_key, while the actual configuration option names are ssl_certfile and ssl_keyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with SETTINGS permission to overwrite the SSL certificate and key file paths. Additionally, the ssl_certchain option was never added to the admin-only set at all. This vulnerability is fixed in 0.5.0b3.dev97.