Cyber Resilience

CVE-2026-35187

Severity: High · Public PoC referenced
Published: 06 April 2026
Modified: 20 April 2026
KEV Added: not listed (not in the CISA KEV catalog at time of writing)
Patch: available (GitHub advisory GHSA-2wvg-62qm-gj33, commit 4032e57d61d8f864e39f4dcfdb567527a50a9e1f)
CVSS v3.1 base score: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS score: 0.0027 (18.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-35187 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in the parse_urls API of the pyload-ng download manager (NVD vendor/product: Pyload-Ng Project Pyload-Ng). Its CVSS v3.1 base score is 7.7 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 18.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-35187 is a server-side request forgery (SSRF) vulnerability in pyLoad, a free and open-source download manager written in Python. It affects versions 0.5.0b3.dev96 and earlier, specifically the parse_urls API function in src/pyload/core/api/__init__.py. That function hands any submitted URL to get_url(url), a pycurl-backed fetch helper, with no URL validation, no protocol restriction and no IP denylist, so the pyLoad server process fetches whatever the caller names, using the server's own network position and file-system access. The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and is classified as CWE-918.

An authenticated user with ADD permission can exploit this remotely over the network with low attack complexity and no user interaction. Because libcurl supports far more than HTTP, the attacker can make HTTP/HTTPS requests to internal network resources and cloud metadata endpoints, read local files server-side via file://, drive internal services (for example key-value stores and caches) with crafted gopher:// and dict:// requests, and enumerate file existence through an error-based oracle: a path that cannot be read surfaces libcurl error 37 (CURLE_FILE_COULDNT_READ_FILE), while a readable one yields an empty response. The result is a high confidentiality impact with a scope change (S:C): the damage lands on the internal hosts and metadata services reachable from the pyLoad server rather than on pyLoad itself, allowing broad internal reconnaissance and data exfiltration.

The GitHub security advisory (GHSA-2wvg-62qm-gj33) and the associated commit (4032e57d61d8f864e39f4dcfdb567527a50a9e1f) detail the patch, which adds URL validation and restrictions to prevent arbitrary fetches. Practitioners should upgrade to a release that contains that commit and confirm the installed version against it, since the advisory text says 0.5.0b3.dev96 and earlier while the Affected Assets entry on this page lists ≤ 0.5.0b3.dev97. Until then, restrict ADD permission to trusted accounts and, where possible, keep the pyLoad host in a network segment with no route to cloud metadata endpoints or sensitive internal services.
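To make the "URL validation and restrictions" requirement concrete, here is an added example of the pre-fetch check such a fix needs: a scheme allowlist (which alone removes file://, gopher:// and dict://) plus a denylist applied to every address the host resolves to (which removes loopback, RFC 1918 and the 169.254.169.254 metadata service). This is illustrative code written for this page, not pyLoad's patch and not the advisory's code; validate_fetch_url, is_safe_fetch_url, the resolver parameter and the sample URLs are constructed for the example.

```python
"""Pre-fetch URL check for a server-side downloader (illustrative, not pyLoad's patch)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Schemes a download manager legitimately fetches on a user's behalf.
# file://, gopher:// and dict:// (all reachable through libcurl) are excluded.
ALLOWED_SCHEMES = {"http", "https"}

# Address space a server-side fetcher must never reach for a user: loopback,
# RFC 1918, CGNAT, link-local (169.254.169.254 is the cloud metadata service),
# multicast, unspecified, and the IPv6 equivalents.
_DENIED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched server-side."""


def _is_denied(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 is loopback too: judge the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in _DENIED_NETWORKS)


def resolve_host(host: str) -> set[str]:
    """All addresses a host resolves to; IP literals resolve to themselves.

    Anything ipaddress cannot parse (e.g. shorthand like 127.1) is passed to
    getaddrinfo, so it is judged by what the system resolver turns it into.
    """
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        pass
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_fetch_url(url: str, resolver=resolve_host) -> set[str]:
    """Return the addresses a URL may be fetched from, or raise UnsafeURL.

    Every resolved address is checked, not only the first: a name mapping to
    one public and one internal address is rejected outright.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {parts.scheme!r} is not permitted")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL are not permitted")
    addrs = resolver(host)
    for addr in addrs:
        if _is_denied(addr):
            raise UnsafeURL(f"{host} resolves to non-routable address {addr}")
    return addrs


def is_safe_fetch_url(url: str, resolver=resolve_host) -> bool:
    """Boolean wrapper around validate_fetch_url for callers that only need yes/no."""
    try:
        validate_fetch_url(url, resolver)
    except UnsafeURL:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: each of the first five is one of the
    # attack shapes described on this page; only the last should pass.
    for sample in (
        "file:///etc/passwd",
        "gopher://127.0.0.1:6379/_FLUSHALL",
        "dict://127.0.0.1:11211/stats",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "http://203.0.113.10/file.zip",
    ):
        print(f"{sample!r:45} -> {'allowed' if is_safe_fetch_url(sample) else 'blocked'}")
```

Two caveats a reviewer of the real fix would raise. First, the check resolves the name once and libcurl resolves it again at fetch time, so a rebinding DNS name can pass validation and then point at an internal address; pin the fetch to the addresses the check returned (libcurl's CURLOPT_RESOLVE, exposed by pycurl as RESOLVE) or have the check and the fetch share one resolution. Second, redirects are a second request: either disable following redirects or re-run the check on each hop, and restrict the handle itself with CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS (pycurl PROTOCOLS / REDIR_PROTOCOLS) to HTTP and HTTPS as defence in depth, since that option closes the file://, gopher:// and dict:// paths even if a validation bug lets a URL through.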

Vulnerability details

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission can make HTTP/HTTPS requests to internal network resources and cloud metadata endpoints, read local files via file:// protocol (pycurl reads the file server-side), interact with internal services via gopher:// and dict:// protocols, and enumerate file existence via error-based oracle (error 37 vs empty response).

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)
Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1552.005 Cloud Instance Metadata API (Credential Access)
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.

T1018 Remote System Discovery (Discovery)
Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system.

T1046 Network Service Discovery (Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in pyLoad parse_urls enables T1190 (exploiting the public API), T1005 (file:// local file reads), T1552.005 (cloud metadata access), T1018 (internal remote system probing), and T1046 (network service interaction via arbitrary protocols).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35459 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2026-42313 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2026-35463 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2026-29778 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2025-54802 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2026-42315 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2026-33511 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2026-33509 · Same product: Pyload-Ng Project Pyload-Ng
CVE-2026-35037 · Shared CWE-918
CVE-2026-41461 · Shared CWE-918

Affected Assets

pyload-ng project
pyload-ng
≤ 0.5.0b3.dev97

Mitigating Controls (NIST 800-53 r5)

prevent · SI-10 Information Input Validation: Mandates validation of URL inputs to the parse_urls API to block arbitrary fetches to internal resources, local files, or unsupported protocols such as file:// and gopher://.

prevent · Restricts URL inputs to permitted protocols, hosts and schemes only, preventing SSRF exploitation via unauthorized internal network access or cloud metadata endpoints.

prevent · SI-2 Flaw Remediation: Requires timely patching of the SSRF flaw in pyLoad versions up to 0.5.0b3.dev96 by applying the fix that implements URL validation and restrictions.
