CVE-2026-35187 Overview
CVE-2026-35187 is a Server-Side Request Forgery (SSRF) vulnerability in pyLoad, a free and open-source download manager written in Python. The vulnerability exists in the parse_urls API function located in src/pyload/core/api/__init__.py, which fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validation, protocol restriction, or IP blacklist.
An authenticated user with ADD permission can exploit this vulnerability to make HTTP/HTTPS requests to internal network resources and cloud metadata endpoints, read local files via the file:// protocol (pycurl reads the file server-side), interact with internal services via gopher:// and dict:// protocols, and enumerate file existence via error-based oracle (error 37 vs empty response).
Critical Impact
Authenticated attackers can access internal network resources, read local files, interact with internal services, and potentially exfiltrate sensitive data from cloud metadata endpoints and internal systems.
Affected Products
- pyLoad version 0.5.0b3.dev96 and earlier
Discovery Timeline
- 2026-04-06 - CVE-2026-35187 published to NVD
- 2026-04-07 - Last updated in NVD database
Technical Details for CVE-2026-35187
Vulnerability Analysis
This vulnerability is classified as CWE-918 (Server-Side Request Forgery). The parse_urls API function in pyLoad fails to validate, restrict, or sanitize user-supplied URLs before passing them to the get_url() function, which utilizes pycurl for fetching remote resources. This design flaw allows authenticated users with ADD permission to craft malicious requests that the server will execute on their behalf.
The lack of protocol restrictions enables attackers to leverage various URI schemes beyond standard HTTP/HTTPS, including file:// for local file access, gopher:// for interacting with internal services, and dict:// for protocol smuggling. The server-side nature of the request means attackers can reach internal network resources that would otherwise be inaccessible from external networks.
Root Cause
The root cause is insufficient input validation in the parse_urls API endpoint. The vulnerable code path directly passes user-controlled URL parameters to pycurl without implementing:
- URL scheme/protocol whitelisting to restrict to safe protocols (HTTP/HTTPS only)
- IP address blacklisting to prevent requests to private/internal IP ranges
- Hostname validation to block requests to localhost and internal hostnames
- Cloud metadata endpoint protection (169.254.169.254, etc.)
Attack Vector
The attack is network-based and requires authentication with ADD permission. An attacker can exploit this vulnerability by:
- Authenticating to the pyLoad instance with valid credentials having ADD permission
- Calling the parse_urls API function with a malicious URL
- Using file:// protocol to read local files such as /etc/passwd or application configuration files
- Using http://169.254.169.254/ to access cloud metadata endpoints on AWS, GCP, or Azure
- Using gopher:// or dict:// protocols to interact with internal services like Redis or Memcached
- Enumerating file existence by analyzing error responses (error 37 indicates file not found vs empty response)
The security patch introduces URL validation by importing urlparse from urllib.parse and adding the is_global_host function to verify that target hosts are not internal/private addresses:
import time
from enum import IntFlag
from typing import Any, Callable, Optional
+from urllib.parse import urlparse
import flask
from werkzeug.utils import secure_filename
from pyload import PKGDIR
+from pyload.core.utils.web.check import is_global_host
from ..datatypes.data import (
AccountInfo, CaptchaTask, ConfigItem, ConfigSection, DownloadInfo, EventInfo, FileData, OldUserData, OnlineCheck,
Source: GitHub Commit
The patch also adds hostname-to-IP resolution functionality to properly validate destination addresses:
import time
from ...network.request_factory import get_url
+from ..convert import host_to_ip
def is_ipv4_address(value):
Source: GitHub Commit
Detection Methods for CVE-2026-35187
Indicators of Compromise
- API requests to parse_urls endpoint containing non-HTTP/HTTPS protocols such as file://, gopher://, or dict://
- Requests targeting internal IP ranges (10.x.x.x, 172.16-31.x.x, 192.168.x.x) or localhost (127.0.0.1)
- API calls attempting to access cloud metadata endpoints (169.254.169.254)
- Unusual outbound connections from the pyLoad server to internal services
Detection Strategies
- Monitor pyLoad API logs for parse_urls calls with suspicious URL schemes or internal IP addresses
- Implement network segmentation monitoring to detect unexpected internal traffic originating from the pyLoad server
- Deploy web application firewall (WAF) rules to detect and block SSRF payloads in API requests
- Enable verbose logging on the pyLoad instance to capture all URL fetch operations
Monitoring Recommendations
- Configure alerts for any pyLoad API requests containing file://, gopher://, dict://, or ftp:// protocols
- Monitor network traffic from the pyLoad server for connections to cloud metadata services
- Implement DNS query logging to detect resolution of internal hostnames via the pyLoad server
- Review pyLoad access logs regularly for authenticated users performing unusual URL parsing operations
How to Mitigate CVE-2026-35187
Immediate Actions Required
- Update pyLoad to a patched version that includes commit 4032e57d61d8f864e39f4dcfdb567527a50a9e1f
- Review user accounts with ADD permission and restrict access to trusted users only
- Implement network-level controls to prevent the pyLoad server from accessing sensitive internal resources
- Block outbound access from the pyLoad server to cloud metadata endpoints at the network/firewall level
Patch Information
The vulnerability has been addressed in commit 4032e57d61d8f864e39f4dcfdb567527a50a9e1f. The fix introduces URL validation using urlparse and implements the is_global_host function to verify that target hosts are globally routable addresses, preventing access to internal network resources. For detailed information about the vulnerability and remediation, refer to the GitHub Security Advisory GHSA-2wvg-62qm-gj33.
Workarounds
- Restrict pyLoad API access to trusted networks only using firewall rules
- Remove ADD permission from non-essential user accounts until the patch can be applied
- Deploy a reverse proxy in front of pyLoad that filters requests containing dangerous URL schemes
- Implement network segmentation to isolate pyLoad from sensitive internal resources and cloud metadata services
# Example iptables rules to block pyLoad from accessing internal networks and metadata
# Block access to cloud metadata endpoints
iptables -A OUTPUT -m owner --uid-owner pyload -d 169.254.169.254 -j DROP
# Block access to private IP ranges
iptables -A OUTPUT -m owner --uid-owner pyload -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -m owner --uid-owner pyload -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -m owner --uid-owner pyload -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -m owner --uid-owner pyload -d 127.0.0.0/8 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
