PT-2026-29594 · Pyload · Pyload

Denolfe

Published

2026-04-01

Updated

2026-04-02

CVE-2026-34746

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.79.1

Description A Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs.

Recommendations Upgrade to version 3.79.1 or later.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-34746

GHSA-6R7F-Q7F5-WPX8

Affected Products

Pyload

PT-2026-29594 · Pyload · Pyload

CVE-2026-34746

Weakness Enumeration

Related Identifiers

Affected Products

References · 7