CVE-2026-35464 Overview
CVE-2026-35464 is an insecure deserialization vulnerability affecting pyLoad, a free and open-source download manager written in Python. This vulnerability represents a bypass of the incomplete fix for CVE-2026-33509, which had introduced an ADMIN_ONLY_OPTIONS set to prevent non-admin users from modifying security-critical configuration options. However, the storage_folder option was not included in this protected set, allowing attackers with SETTINGS and ADD permissions to exploit a dangerous path traversal and deserialization attack chain.
Critical Impact
Attackers with low-privileged user accounts can achieve arbitrary code execution by redirecting downloads to the Flask filesystem session store and planting a malicious pickle payload.
Affected Products
- pyLoad versions prior to commit c4cf995a2803bdbe388addfc2b0f323277efc0e1
Discovery Timeline
- 2026-04-07 - CVE-2026-35464 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-35464
Vulnerability Analysis
This vulnerability exploits a gap in the security controls implemented to fix CVE-2026-33509. The original fix added an ADMIN_ONLY_OPTIONS set designed to block non-admin users from modifying security-critical configuration options. However, this protection was incomplete as it failed to include the storage_folder option within the restricted set.
The attack is possible because the Flask session directory resides outside both PKGDIR and userdir, effectively bypassing the existing path restriction mechanisms. This architectural oversight enables a multi-stage attack where an authenticated user with SETTINGS and ADD permissions can manipulate the download storage location to target the Flask session store.
The core issue relates to CWE-502 (Deserialization of Untrusted Data). Flask's filesystem-based session storage uses Python's pickle serialization format, which is known to be unsafe when processing untrusted data. By controlling where downloaded files are stored, an attacker can effectively inject arbitrary pickle payloads into the session directory with predictable filenames.
Root Cause
The root cause is the incomplete implementation of admin-only configuration restrictions. The storage_folder configuration option was not added to the ADMIN_ONLY_OPTIONS set, allowing lower-privileged users to modify this critical path setting. Combined with Flask's use of pickle for session serialization and the session directory being outside the protected path boundaries, this creates an exploitable deserialization vulnerability.
Attack Vector
The attack requires network access and an authenticated user account with SETTINGS and ADD permissions. The exploitation flow involves:
- Modifying the storage_folder configuration to point to Flask's filesystem session store directory
- Initiating a download that plants a malicious pickle payload as a session file with a predictable filename
- Sending an HTTP request with a crafted session cookie that references the planted malicious session file
- When Flask processes the request, it deserializes the malicious pickle payload, achieving arbitrary code execution
The security patch addresses this by expanding the protected configuration options:
:param value: new config value
:param section: 'plugin' or 'core
"""
+ try:
+ try:
+ user_info = flask.g.user_info
+ except AttributeError:
+ user_info = flask.session
+
+ # Attempt to access outside an active Flask request
+ except RuntimeError:
+ user_info = {"role": Role.ADMIN}
+ is_admin = user_info.get("role") == Role.ADMIN
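Review bot: the `except RuntimeError` branch makes every caller that reaches this code outside an active Flask request an admin by default (`user_info = {"role": Role.ADMIN}`), so the ADMIN_ONLY_CORE_OPTIONS gate that follows is bypassed by construction for any non-request code path; either document that assumption at the branch or have internal callers pass the role explicitly instead of defaulting to admin. The outer `except RuntimeError` also swallows any RuntimeError raised while reading `flask.session`, not only the "working outside of request context" case; checking `flask.has_request_context()` up front and keeping the except narrow would make the intent clearer.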
- ADMIN_ONLY_OPTIONS = {
+ ADMIN_ONLY_CORE_OPTIONS = {
+ ("general", "storage_folder"),
+ ("log", "syslog_host"),
+ ("log", "syslog_port"),
+ ("proxy", "password"),
+ ("proxy", "username"),
("reconnect", "script"),
("webui", "host"),
- ("webui", "use_ssl"),
("webui", "ssl_cert"),
("webui", "ssl_key"),
- ("log", "syslog_host"),
- ("log", "syslog_port"),
- ("proxy", "username"),
- ("proxy", "password"),
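Review bot: `("webui", "use_ssl")` is removed from the protected set while `ssl_cert` and `ssl_key` stay admin-only, so a non-admin with SETTINGS can now turn TLS off even though the certificate paths remain protected; if that is intentional the change needs a comment or commit-message note, otherwise the line should be kept. The other `-`/`+` pairs for log and proxy only reorder existing entries, which is fine but worth stating so reviewers do not read them as removals; and since the set is renamed from ADMIN_ONLY_OPTIONS to ADMIN_ONLY_CORE_OPTIONS, the diff as shown (no closing `}`, no `@@` headers) does not let a reader confirm that no other reference to the old name survives.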
Source: GitHub Commit Update
Detection Methods for CVE-2026-35464
Indicators of Compromise
- Unexpected modifications to the storage_folder configuration option by non-admin users
- Downloaded files appearing in Flask session storage directories
- Unusual session files with non-standard naming patterns in the session store
- Evidence of pickle deserialization errors or unexpected code execution in application logs
Detection Strategies
- Monitor configuration changes to the storage_folder setting, especially from users without admin privileges
- Implement file integrity monitoring on Flask session storage directories
- Review audit logs for users with SETTINGS and ADD permissions making configuration changes
- Deploy application-level logging to track all configuration modifications
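As an added example of the audit review described in the two lists above (not code from the advisory or from pyLoad), the script below runs a small rule set over constructed audit lines. The line format (`user=... role=... set section.option=value`) is an assumption made for the example; pyLoad's own log format is not shown on this page. The admin-only option set is taken from the fix commit quoted above. A non-admin change to any option in that set is reported as high severity, and every change to general.storage_folder, including by an admin, is reported for review because the fix does not validate the path itself.

```python
import re
from typing import Optional

# Admin-only core options exactly as listed in the fix commit for CVE-2026-35464.
ADMIN_ONLY_CORE_OPTIONS = {
    ("general", "storage_folder"),
    ("log", "syslog_host"),
    ("log", "syslog_port"),
    ("proxy", "password"),
    ("proxy", "username"),
    ("reconnect", "script"),
    ("webui", "host"),
    ("webui", "ssl_cert"),
    ("webui", "ssl_key"),
}

# Constructed audit-line format for this example (assumption, not pyLoad's log format):
#   <timestamp> user=<name> role=<admin|user> set <section>.<option>=<value>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"set (?P<section>\w+)\.(?P<option>\w+)=(?P<value>.*)$"
)

# Constructed sample log; values and users are made up for the example.
SAMPLE_LOG = """\
2026-04-08T09:58:01Z user=root role=admin set webui.host=127.0.0.1
2026-04-08T10:02:17Z user=alice role=user set download.max_downloads=5
2026-04-08T10:03:44Z user=alice role=user set general.storage_folder=/var/lib/pyload/flask_session
2026-04-08T10:03:50Z user=bob role=user set proxy.password=example-secret
2026-04-08T10:04:10Z user=root role=admin set general.storage_folder=/srv/downloads
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one audit line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def audit(log_text: str) -> list:
    """Return a list of findings, one dict per suspicious configuration change."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["section"], ev["option"])
        option = f"{ev['section']}.{ev['option']}"
        if key in ADMIN_ONLY_CORE_OPTIONS and ev["role"] != "admin":
            # This is the condition the incomplete fix failed to enforce for storage_folder.
            findings.append({
                "line": lineno, "severity": "high", "user": ev["user"], "option": option,
                "value": ev["value"],
                "reason": "non-admin user modified an admin-only option",
            })
        elif key == ("general", "storage_folder"):
            # Admin changes are allowed, but the new download location still deserves a look,
            # since nothing in the fix checks where the path points.
            findings.append({
                "line": lineno, "severity": "review", "user": ev["user"], "option": option,
                "value": ev["value"],
                "reason": "storage_folder changed; confirm the path is an intended download location",
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"line {f['line']}: [{f['severity']}] {f['user']} set {f['option']}={f['value']} ({f['reason']})")
```

Run over the constructed log, the script reports alice's storage_folder change and bob's proxy.password change as high severity, and root's storage_folder change as an item to review; the two benign lines produce nothing.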
Monitoring Recommendations
- Enable verbose logging for pyLoad configuration changes and correlate with user permission levels
- Set up alerts for any file write operations targeting the Flask session directory from the download process
- Monitor for anomalous HTTP requests with session cookies referencing newly created session files
How to Mitigate CVE-2026-35464
Immediate Actions Required
- Update pyLoad to a version containing commit c4cf995a2803bdbe388addfc2b0f323277efc0e1 or later
- Review user permissions and restrict SETTINGS and ADD privileges to trusted users only
- Audit configuration logs for any suspicious modifications to the storage_folder option
- Consider temporarily disabling the ability for non-admin users to modify configuration settings
Patch Information
The vulnerability is fixed in commit c4cf995a2803bdbe388addfc2b0f323277efc0e1. The patch expands the ADMIN_ONLY_OPTIONS set (renamed to ADMIN_ONLY_CORE_OPTIONS) to include the storage_folder option along with additional sensitive configuration parameters. Organizations should apply this fix by updating to the latest version of pyLoad from the official repository.
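The fix above gates who may change storage_folder; it does not check where the value points, and the analysis section notes that the Flask session directory lies outside both PKGDIR and userdir. As an added defense-in-depth example (not pyLoad's code and not part of the commit), the function below validates a candidate storage_folder against a list of allowed roots and an explicitly denied session directory, resolving symlinks and `..` before comparing. The directory names, the `validate_storage_folder` and `demo` helpers, and the temporary layout built in `demo` are all assumptions made for the example.

```python
import os
import shutil
import tempfile


def is_within(base: str, target: str) -> bool:
    """True if target resolves to base itself or to a location beneath it.

    Both paths are passed through realpath so that '..' segments and symlinks
    are collapsed before the comparison; nonexistent paths still normalise.
    """
    base_r = os.path.realpath(base)
    target_r = os.path.realpath(target)
    try:
        return os.path.commonpath([base_r, target_r]) == base_r
    except ValueError:
        # Raised when the paths are on different drives (Windows); treat as outside.
        return False


def validate_storage_folder(value: str, allowed_roots: list, session_dir: str) -> tuple:
    """Return (accepted, reason) for a proposed storage_folder value.

    The denylist check on session_dir runs first so that a path which is both
    under an allowed root and inside the session store (for example via a
    symlink planted under userdir) is still rejected.
    """
    if is_within(session_dir, value):
        return False, "resolves into the Flask session store"
    if not any(is_within(root, value) for root in allowed_roots):
        return False, "resolves outside every allowed root"
    return True, "ok"


def demo() -> dict:
    """Build a constructed directory layout in a temp dir and classify candidate values."""
    root = tempfile.mkdtemp(prefix="storage-folder-demo-")
    try:
        pkgdir = os.path.join(root, "pkg")            # stands in for PKGDIR
        userdir = os.path.join(root, "home")          # stands in for userdir
        sessions = os.path.join(root, "flask_session")  # stands in for the session store
        for d in (pkgdir, userdir, sessions):
            os.makedirs(d)
        allowed = [pkgdir, userdir]

        cases = {
            "default": os.path.join(userdir, "downloads"),               # normal value
            "traversal": os.path.join(userdir, "..", "flask_session"),   # '..' into the store
            "absolute_session": sessions,                                # store path directly
            "outside": os.path.join(root, "elsewhere"),                  # not under any root
        }
        # A symlink under userdir that points at the store; skipped if symlinks are unavailable.
        link = os.path.join(userdir, "dl")
        try:
            os.symlink(sessions, link)
            cases["symlink"] = link
        except OSError:
            pass

        return {name: validate_storage_folder(v, allowed, sessions)[0] for name, v in cases.items()}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:>17}: {'accept' if accepted else 'reject'}")
```

Only the plain downloads path is accepted; the `..` form, the absolute session path, a path outside every root, and a symlink that lands in the session store are all rejected. Checking the denylist before the allowlist is what catches the symlink case, since the link itself sits under an allowed root.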
For detailed patch information, see the GitHub Commit Update and the related security advisories: GHSA-4744-96p5-mp2j and GHSA-r7mc-x6x7-cqxx.
Workarounds
- Restrict user permissions to ensure only fully trusted administrators have SETTINGS permissions
- Implement network segmentation to limit access to the pyLoad administrative interface
- Configure file system permissions to prevent the download process from writing to Flask session directories
- Consider switching Flask to use a database-backed session store instead of filesystem sessions
# Configuration example
# Restrict pyLoad to trusted network interfaces only
# In pyLoad configuration, ensure webui host binding is restricted:
# webui.host = 127.0.0.1
# Set restrictive file permissions on session directory
chmod 700 /path/to/flask/sessions
chown pyload:pyload /path/to/flask/sessions
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.