CVE-2026-41133

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev98

Description An issue exists where role and permission are cached in the session during login. The system continues to authorize requests using these cached values even after an administrator modifies the user's role or permissions in the database. This allows a logged-in user to retain revoked privileges until the session expires or they log out, enabling continued unauthorized privileged actions.

Recommendations Update to a version that includes commit e95804fb0d06cbb07d2ba380fc494d9ff89b68c1.