GHSA-48rp-jc79-2264: pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

August 4, 2025

Path Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution (RCE) The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root.

References

github.com/advisories/GHSA-48rp-jc79-2264
github.com/pyload/pyload
github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4
github.com/pyload/pyload/pull/4596
github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264

Code Behaviors & Features

Detect and mitigate GHSA-48rp-jc79-2264 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →