CVE-2026-24139

High CVSS: 8.7

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export endpoint, enabling low-privileged users to access sensitive data they should not have permission to view.

Vendor

Franklioxygen

Product

Mytube

CWE

CWE-862

Yayın Tarihi

2026-01-24 00:15:49

Güncelleme

2026-02-02 13:26:40

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Mytube HIGH Franklioxygen 2026

Referanslar

https://github.com/franklioxygen/MyTube/commit/e271775e27d51b26e54731b7b874447f47a1f280 https://github.com/franklioxygen/MyTube/security/advisories/GHSA-hhc3-8q8c-89q7

Benzer Kayıtlar

High

CVE-2026-33890

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated att…

High

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated att…

High

CVE-2026-33735

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypas…

Low

CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignme…

Medium

CVE-2026-23848

MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypas…

Critical

CVE-2026-23837

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and…