CVE-2026-35459 Overview
CVE-2026-35459 is a Server-Side Request Forgery (SSRF) vulnerability in pyLoad, a free and open-source download manager written in Python. The vulnerability exists in versions 0.5.0b3.dev96 and earlier where the SSRF fix implemented for CVE-2026-33992 can be bypassed through HTTP redirects. While IP validation was added to BaseDownloader.download() to check the hostname of initial download URLs, the underlying pycurl library is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects without validating redirect targets against the SSRF filter.
Critical Impact
An authenticated user with ADD permission can exploit this vulnerability to perform server-side requests to internal network addresses by submitting a URL that redirects to an internal address, potentially accessing sensitive internal services or data.
Affected Products
- pyLoad version 0.5.0b3.dev96 and earlier
Discovery Timeline
- 2026-04-06 - CVE CVE-2026-35459 published to NVD
- 2026-04-07 - Last updated in NVD database
Technical Details for CVE-2026-35459
Vulnerability Analysis
This vulnerability represents an incomplete fix for a previous SSRF vulnerability (CVE-2026-33992). The original patch added IP validation to prevent users from submitting URLs pointing to internal network addresses. However, the fix only validates the initial URL and fails to account for HTTP redirects that pycurl automatically follows.
The attack requires an authenticated user with ADD permission, but once that threshold is met, the attacker can completely bypass the SSRF protections. The impact is significant as it allows access to internal services that should not be reachable from the download manager, potentially exposing sensitive data, internal APIs, or cloud metadata endpoints.
Root Cause
The root cause is the incomplete validation of URL targets in the HTTP download chain. The BaseDownloader.download() function validates the hostname of the initial URL against the SSRF filter, but pycurl is configured to automatically follow up to 10 redirects (FOLLOWLOCATION=1, MAXREDIRS=10). These redirect targets are never validated, allowing an attacker to craft an external URL that redirects to internal addresses like 169.254.169.254 (cloud metadata), localhost, or other private IP ranges.
Attack Vector
The attack is network-based and has low attack complexity. An authenticated attacker with ADD permission can:
- Host, on an external server, a URL that answers with an HTTP redirect (301/302) to an internal address
- Submit this external URL through pyLoad's download interface
- pyLoad validates only the external hostname, which passes the SSRF filter
- pycurl follows the redirect to the internal address without any validation of the redirect target
- The attacker receives the response from the internal service
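As an added example (not pyLoad's code and not the fix from commit 33c55da), the following shows the pattern the root cause calls for: redirects are followed in Python with every hop checked against an internal-address filter, instead of delegating to pycurl's FOLLOWLOCATION=1. `fetch` and `resolve` are assumed injectable callables so the code runs offline; the DNS table and responses in the usage are constructed.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}


def is_internal_ip(ip_text):
    """True for loopback, link-local (169.254/16, where cloud metadata lives),
    RFC1918 and the other non-global ranges CPython's ipaddress tracks."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified


def resolve_host(host):
    """Default resolver: every address (A and AAAA) the host resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_hop(url, resolve=resolve_host):
    """Reject the URL if its host is, or resolves to, an internal address.
    Returns the resolved addresses so a caller can pin the connection to them
    (e.g. libcurl's CURLOPT_RESOLVE) and not be rebound by a second DNS lookup."""
    host = urlparse(url).hostname
    if not host:
        raise ValueError(f"unparseable URL: {url!r}")
    addrs = resolve(host)
    for addr in addrs:
        if is_internal_ip(addr):
            raise ValueError(f"{url!r} resolves to internal address {addr}")
    return addrs


def fetch_following_redirects(url, fetch, resolve=resolve_host, max_redirs=10):
    """Follow redirects here, not in pycurl, so every hop passes check_hop().
    fetch(url) performs ONE request with redirect following disabled and
    returns (status, location_header_or_None, body).
    Returns (final_url, body, chain_of_urls_visited)."""
    chain = []
    for _ in range(max_redirs + 1):          # first request plus up to max_redirs hops
        check_hop(url, resolve)
        chain.append(url)
        status, location, body = fetch(url)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)     # Location may be relative
            continue
        return url, body, chain
    raise ValueError(f"more than {max_redirs} redirects starting at {chain[0]!r}")
```

The returned chain is also the record a defender wants logged: an external first hop followed by a rejected internal one is exactly the indicator described under Detection Methods below.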
The security patch addresses this by adding an allow_private_ip flag to the HTTP chunk handling:
self.code = 0 #: last http code, set by parent
+ self.allow_private_ip = False
self.aborted = False # indicates that the chunk aborted gracefully
self.c = pycurl.Curl()
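Review bot: `self.allow_private_ip = False` is added beside attributes that each carry a trailing comment (`#: last http code, set by parent`, `# indicates that the chunk aborted gracefully`) but has none; document what the flag gates and who is expected to set it. These lines only introduce the flag, so the check that reads it for every redirect target needs to land in the same change, since the chunk is still configured with FOLLOWLOCATION=1 and MAXREDIRS=10.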
Source: GitHub Commit 33c55da
The patch also imports urllib (for URL parsing) and the Fail exception into the downloader module, so that redirect targets can be parsed, validated, and rejected:
import os
import time
+import urllib
from logging import getLogger
import pycurl
from pyload import APPID
-from ..exceptions import Abort
+from ..exceptions import Abort, Fail
from .http_chunk import ChunkInfo, HTTPChunk
from .http_request import BadHeader
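Review bot: `import urllib` on its own does not reliably make `urllib.parse` available; the submodule is only reachable as an attribute if something else has already imported it. Prefer `from urllib.parse import urlparse` (or `import urllib.parse`) here. Since `Fail` is the new rejection path, make sure it is raised for every hop pycurl would follow under FOLLOWLOCATION=1, not only for the initial URL.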
Source: GitHub Commit 33c55da
Detection Methods for CVE-2026-35459
Indicators of Compromise
- Unexpected outbound connections from the pyLoad server to external URLs followed by internal network requests
- Download requests containing URLs that result in HTTP 3xx redirects to private IP ranges
- Unusual access patterns to cloud metadata endpoints (e.g., 169.254.169.254) or internal services from the pyLoad process
Detection Strategies
- Monitor pyLoad server logs for download attempts that trigger redirects, particularly those with external initial URLs
- Implement network monitoring to detect connections from pyLoad to internal IP ranges that weren't explicitly requested
- Deploy egress filtering alerts for pyLoad server processes attempting to access sensitive internal endpoints
Monitoring Recommendations
- Enable detailed logging for all download requests including redirect chains
- Set up alerts for pyLoad processes connecting to RFC1918 private address spaces or link-local addresses
- Monitor for unusual patterns in ADD permission usage by authenticated users
How to Mitigate CVE-2026-35459
Immediate Actions Required
- Update pyLoad to a version containing commit 33c55da084320430edfd941b60e3da0eb1be9443 or later
- Review user accounts with ADD permission and restrict to trusted users only
- Implement network segmentation to limit pyLoad server access to internal resources
Patch Information
The vulnerability has been addressed in the pyLoad repository. Users should apply the security patch available at the GitHub commit 33c55da. For detailed information about the vulnerability, refer to the GitHub Security Advisory GHSA-7gvf-3w72-p2pg.
Workarounds
- Restrict ADD permission to only highly trusted users until the patch can be applied
- Deploy a reverse proxy or firewall rules that prevent the pyLoad server from making connections to internal network ranges
- Disable or limit HTTP redirect following at the network level if operationally feasible
# Example: Block the pyLoad server from reaching internal networks via iptables
# Replace pyload_user with the actual user running pyLoad
iptables -A OUTPUT -m owner --uid-owner pyload_user -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -m owner --uid-owner pyload_user -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -m owner --uid-owner pyload_user -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -m owner --uid-owner pyload_user -d 169.254.0.0/16 -j DROP
# Loopback is not covered by the ranges above; add it only if pyLoad needs no local services
iptables -A OUTPUT -m owner --uid-owner pyload_user -d 127.0.0.0/8 -j DROP
# These rules are not persistent; save them with your distribution's iptables persistence mechanism
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.