CVE-2026-46561: pyLoad SSRF Bypass via HTTP Redirect – Exploit, Fix, Detection
pyLoad, a popular open-source download manager, contains a vulnerability that allows authenticated users to bypass security controls designed to prevent access to internal networks. Specifically, an attacker can craft a specially designed URL that initially appears safe but redirects to a private IP address after the security check passes. This lets the attacker potentially access or interact with systems on the internal network that should be off-limits. The issue affects versions prior to 0.5.0b3.dev100 and has been resolved in that release.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.0 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
- Weaknesses (CWE)
- CWE-918
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with a 302 redirect to an internal/private IP address, bypassing the is_global_host() check on the initial URL. This vulnerability is fixed in 0.5.0b3.dev100.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from inadequate application of private IP validation in pyLoad's HTTPRequest handler used by the parse_urls API. While pyLoad implements the is_global_host() function to restrict requests to global IP addresses and block private/internal IPs (CWE-918: Server-Side Request Forgery), this check is bypassed when an attacker-controlled server responds with an HTTP 302 redirect. The initial URL passes validation, but the HTTPRequest follows the redirect to an internal IP without re-validating the destination. This is a classic SSRF bypass pattern where the validation occurs at the wrong layer or at the wrong point in the request lifecycle.
Business impact
This vulnerability enables a limited form of internal network reconnaissance and potential lateral movement for authenticated users. An attacker with valid credentials could probe internal services, gather information about private infrastructure, or attempt to interact with internal APIs or databases. The impact is constrained by the fact that this requires authentication and the attacker gains only read-level access (according to the CVSS vector), but it does compromise the assumption that internal networks are isolated from download manager activity.
Affected systems
pyLoad versions prior to 0.5.0b3.dev100 are affected. The vulnerability is specific to the parse_urls API endpoint when used with the HTTPRequest handler. Any deployment using an earlier version in production where untrusted users have authentication credentials is at risk.
Exploitability
Exploitation requires valid authentication credentials to access the parse_urls API—this is not a pre-authentication vulnerability. An attacker must be an authenticated user of the pyLoad instance. The technical bar for crafting a malicious redirect is extremely low: any attacker-controlled HTTP server capable of responding with a 302 header can execute the attack. The vulnerability is deterministic and reliable once authentication is obtained. It is not listed on CISA's Known Exploited Vulnerabilities catalog, but the simplicity of the attack pattern means proof-of-concept development would be trivial.
Remediation
Update pyLoad to version 0.5.0b3.dev100 or later. This version includes a fix that applies private IP validation to redirected requests as well as initial requests. Organizations should verify the version of pyLoad in use and apply this update as part of routine patch management. For instances where immediate patching is not possible, network segmentation and firewall rules restricting pyLoad's outbound access to only necessary external services can serve as a compensating control.
Patch guidance
Upgrade to pyLoad 0.5.0b3.dev100 or any later release. Consult the pyLoad GitHub repository or official release notes to confirm availability and any breaking changes in the target version. Test the upgrade in a non-production environment first, particularly if you have custom download configurations or scripts that depend on the parse_urls API behavior. The fix involves tightening validation logic and should not break legitimate use cases, but validation testing is recommended before production deployment.
Detection guidance
Monitor logs for parse_urls API calls that include redirect responses (HTTP 302/301) originating from external URLs. Correlate these with network traffic to internal IP addresses. Look for patterns such as requests to attacker-controlled domains that resolve to external IPs, followed by connections to RFC 1918 private address space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Inspect HTTPRequest handler logs for 'redirect' events in versions prior to the fix. Consider implementing network IDS/IPS rules to detect unusual outbound connections from pyLoad processes to internal IP addresses, which would be anomalous for a download manager in normal operation.
Why prioritize this
Although this vulnerability carries a CVSS score of 5.0 (medium) and requires authentication, it represents a meaningful compromise of network security assumptions. SSRF vulnerabilities are frequently leveraged as stepping stones in multi-stage attacks, particularly in environments where internal systems lack secondary authentication or are assumed to be trusted. The low barrier to exploitation (simple HTTP redirect) and the fact that it is not yet widely known increase the risk. Prioritize patching if pyLoad is deployed in environments with valuable internal services or if the instance is accessible to a large or untrusted user base.
Risk score, explained
The CVSS 3.1 score of 5.0 reflects: (1) network-accessible attack vector, (2) low complexity, (3) requirement for prior authentication (lowering severity), (4) changed scope (affecting confidentiality of other systems), and (5) low confidentiality impact. The score appropriately captures that this is not a critical vulnerability but is more than minor—it bypasses a security control, affects system scope, and requires only basic technical sophistication to exploit. The lack of availability or integrity impact keeps it from a higher rating, but the SSRF nature warrants attention.
Frequently asked questions
If I don't run the parse_urls API, am I affected?
The vulnerability is specific to the parse_urls API endpoint. If your pyLoad instance does not expose or use this API, you are not directly affected. However, if you are unsure, upgrading is the safest approach, as the fix has no negative impact on standard download functionality.
Can this vulnerability be exploited without authentication?
No. The vulnerability requires a valid authenticated session to access the parse_urls API. It is not a pre-authentication or unauthenticated remote code execution vulnerability. If you restrict pyLoad access to trusted users only, your risk is significantly lower.
What is the difference between this and a traditional SSRF?
This is a textbook SSRF vulnerability, but it exploits a timing or location issue in validation. Instead of bypassing the check outright, the attacker leverages HTTP redirects to reach the internal network after the initial validation passes. The underlying attack category and impact are the same: unauthorized access to internal resources.
Is there a workaround if I can't patch immediately?
Yes. Implement strict outbound firewall rules that prevent pyLoad from connecting to RFC 1918 private address space or other internal networks. Restrict parse_urls API access to only trusted administrators. These are temporary measures and should not replace a timely upgrade.
This analysis is based on publicly available information current as of the publication date. CVSS scores and severity ratings are provided by the National Vulnerability Database and reflect standardized metrics; actual risk in your environment may differ based on network configuration, authentication controls, and asset criticality. No active exploit code or weaponized proofs-of-concept are provided. Organizations are advised to validate patch applicability and test in non-production environments before deployment. SEC.co makes no warranty regarding the completeness or currency of this information; refer to the official pyLoad project and NIST NVD for authoritative guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2026-10052MEDIUMQuay SSRF in LDAP/SMTP Validation—Internal Network Reconnaissance Risk
- CVE-2026-10177MEDIUMSSRF in Aider-AI Aider 0.86.3 AWS Metadata Endpoint
- CVE-2026-10239MEDIUMJeecgBoot Server-Side Request Forgery (SSRF) in Word Editing Module
- CVE-2026-10240MEDIUMJeecgBoot SSRF Vulnerability in /airag/airagModel/test Endpoint
- CVE-2026-10241MEDIUMJimuReport SSRF in File Download Function – Patch to 3.9.2
- CVE-2026-10274MEDIUMServer-Side Request Forgery in aem-mcp-server
- CVE-2026-10276MEDIUMJenkins-server-mcp SSRF Vulnerability (0.1.0)
- CVE-2026-10517MEDIUMClair SSRF Vulnerability – Unfiltered HTTP Requests Leak Metadata