CVE-2026-44226

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100

Description The WebUI returns full Python traceback details to clients when unhandled exceptions occur. This happens because the endpoint "/web/path:filename" is accessible without authentication and renders template names controlled by the user. An unauthenticated user can trigger a server exception, such as by requesting a non-existent template, causing the server to include internal stack traces, source paths, and exception metadata in the HTTP response. This information disclosure allows remote clients to map internal application implementation details.

Recommendations Update to version 0.5.0b3.dev100.