CVE-2026-33735 in MyTubeinfo

Zusammenfassung (Englisch)

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a full compromise of the application. The bypass is relevant for other POST routes as well. Version 1.8.69 fixes the issue.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Zuständig

GitHub_M

Reservieren

23.03.2026

Veröffentlichung

27.03.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
353803	franklioxygen MyTube Setting import-database erweiterte Rechte	285	Nicht definiert	Offizieller Fix	CVE-2026-33735

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!