Vulnerability in Franklioxygen Mytube

CVE-2026-33890

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The appli…

EPSS: 0.004 (61.9th percentile) — read the EPSS interpretation.

Affected products

Franklioxygen Mytube — versions < 1.8.71

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

https://github.com/franklioxygen/MyTube/security/advisories/GHSA-378w-xh68-qrc8 (x_refsource_CONFIRM)
https://github.com/franklioxygen/MyTube/commit/d6c1275a7ff7ffd3d51b53c333237f4d572580ac (x_refsource_MISC)