CVE-2026-32808

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev97

Description pyLoad, a free and open-source download manager written in Python, is affected by a path traversal issue. This occurs during password verification of specific encrypted 7z archives – those encrypted with non-encrypted headers. The issue allows for arbitrary file deletion outside of the intended extraction directory. The software derives an archive entry name from 7z listing output and incorrectly treats it as a filesystem path without restricting it to the extraction directory.

Recommendations Update to version 0.5.0b3.dev97 or later.