Cyber Posture

CVE-2026-35187

High · Public PoC

Published: 06 April 2026
Modified: 20 April 2026
KEV Added: not listed
CVSS Score: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0004 (12.2th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-35187 is a high-severity SSRF (CWE-918) vulnerability in pyload-ng (Pyload-Ng Project). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 4 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Mandates validation of URL inputs to the parse_urls API to block arbitrary fetches to internal resources, local files, or unsupported protocols like file:// and gopher://.

prevent: Restricts URL inputs to only permitted protocols, hosts, and schemes, preventing SSRF exploitation via unauthorized internal network access or cloud metadata endpoints.

prevent: Requires timely patching of the SSRF flaw in pyLoad versions up to 0.5.0b3.dev96 by applying the fix that implements URL validation and restrictions.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1522 Cloud Instance Metadata API (Credential Access)
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.

T1018 Remote System Discovery (Discovery)
Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system.

T1046 Network Service Discovery (Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in pyLoad parse_urls enables T1190 (exploiting the public API), T1005 (file:// local file reads), T1522 (cloud metadata access), T1018 (internal remote system probing), and T1046 (network service interaction via arbitrary protocols).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission can make HTTP/HTTPS requests to internal network resources and cloud metadata endpoints, read local files via file:// protocol (pycurl reads the file server-side), interact with internal services via gopher:// and dict:// protocols, and enumerate file existence via error-based oracle (error 37 vs empty response).

Deeper analysis [AI]

CVE-2026-35187 is a server-side request forgery (SSRF) vulnerability in pyLoad, a free and open-source download manager written in Python. It affects versions 0.5.0b3.dev96 and earlier, specifically the parse_urls API function in src/pyload/core/api/__init__.py. This function fetches arbitrary URLs server-side using get_url(url) from pycurl without URL validation, protocol restrictions, or IP blacklists, enabling unauthorized access to resources beyond the intended scope. The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and is associated with CWE-918.

An authenticated user with ADD permission can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Attackers can make HTTP/HTTPS requests to internal network resources and cloud metadata endpoints, read local files server-side via the file:// protocol, interact with internal services using gopher:// and dict:// protocols, and enumerate file existence through error-based oracles (distinguishing error 37 from empty responses). The result is a high confidentiality impact with changed scope (S:C), since the download manager's own server becomes the vantage point for broad internal reconnaissance and data exfiltration.

The GitHub security advisory (GHSA-2wvg-62qm-gj33) and associated commit (4032e57d61d8f864e39f4dcfdb567527a50a9e1f) detail the patch, which adds URL validation and restrictions to prevent arbitrary fetches. Security practitioners should upgrade to a version beyond 0.5.0b3.dev96 incorporating this fix and review access controls for the parse_urls API to limit ADD permissions.
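As an added, defender-side illustration of the URL validation and protocol restriction the controls above call for (example code written for this page, not pyLoad's code and not the patch in the referenced commit): a scheme allow-list plus a check on every address the host resolves to, which rejects each class of fetch target the advisory names (file://, gopher://, dict://, loopback, private ranges, and the link-local cloud metadata address 169.254.169.254). The function name `check_fetch_url` and the injectable `resolve` parameter are this example's own.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only schemes a download manager legitimately needs; file://, gopher://,
# dict:// and anything else fall outside this set.
ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host):
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_public(ip):
    """True only for globally routable unicast addresses: rejects loopback,
    RFC 1918, link-local (169.254.0.0/16, which contains the cloud metadata
    address 169.254.169.254), reserved, multicast and IPv4-mapped forms."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return addr.is_global and not addr.is_multicast


def check_fetch_url(url, resolve=_resolve):
    """Gate for user-supplied URLs before a server-side fetch (hypothetical
    helper). Returns (allowed, reason). `resolve` is injectable for testing."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme or '(none)'}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        # Literal address: judge it directly, no DNS involved.
        targets = {str(ipaddress.ip_address(host))}
    except ValueError:
        # Hostname, or an odd literal (e.g. a decimal IP) that ip_address
        # rejects but a resolver accepts: judge the resolved addresses,
        # never the string the user typed.
        try:
            targets = resolve(host)
        except OSError:  # socket.gaierror is a subclass
            return False, "host did not resolve"
    if not targets:
        return False, "host did not resolve"
    for ip in sorted(targets):
        if not _is_public(ip):
            return False, f"host resolves to non-public address {ip}"
    return True, "ok"
```

A fetcher that follows redirects must re-run this check on every hop, and the connection should be pinned to the address that passed, because a DNS answer can change between the check and the fetch.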

Details

CWE(s): CWE-918 (Server-Side Request Forgery)

Affected Products: pyload-ng project, pyload-ng, versions ≤ 0.5.0b3.dev97

CVEs Like This One

CVE-2026-35459 (same product: Pyload-Ng Project Pyload-Ng)
CVE-2026-35463 (same product: Pyload-Ng Project Pyload-Ng)
CVE-2026-29778 (same product: Pyload-Ng Project Pyload-Ng)
CVE-2025-54802 (same product: Pyload-Ng Project Pyload-Ng)
CVE-2026-33511 (same product: Pyload-Ng Project Pyload-Ng)
CVE-2026-33509 (same product: Pyload-Ng Project Pyload-Ng)
CVE-2026-41461 (shared CWE-918)
CVE-2026-35037 (shared CWE-918)
CVE-2026-32808 (same product: Pyload-Ng Project Pyload-Ng)
CVE-2026-33024 (shared CWE-918)
