PT-2026-29598 · Google+4 · Google Cloud Storage+4

Denolf

Published

2026-04-01

Updated

2026-04-02

CVE-2026-34750

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.78.0

Description The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location.

Recommendations Upgrade to version 3.78.0 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-34750

GHSA-FRQ9-7J6G-V74X

Affected Products

Amazon S3

Azure

Google Cloud Storage

Pyload

PT-2026-29598 · Google+4 · Google Cloud Storage+4

CVE-2026-34750

Weakness Enumeration

Related Identifiers

Affected Products

References · 5