CVE-2026-24139

Sažetak

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export endpoint, enabling low-privileged users to access sensitive data they should not have permission to view.

Reference

https://github.com/franklioxygen/MyTube/commit/e271775e27d51b26e54731b7b874447f47a1f280
https://github.com/franklioxygen/MyTube/security/advisories/GHSA-hhc3-8q8c-89q7

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

24-01-2026 - 00:15

Objavljeno

24-01-2026 - 00:15