Vulnerability in Franklioxygen Mytube

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login att…

EPSS: 0.008 (74.3th percentile) — read the EPSS interpretation.

Affected products

Franklioxygen Mytube — versions < 1.8.72

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

https://github.com/franklioxygen/MyTube/security/advisories/GHSA-6w95-qgc4-5jxf (x_refsource_CONFIRM)
https://github.com/franklioxygen/MyTube/commit/4d89b146b16d08f27d8fd3e0a9122b109335deb1 (x_refsource_MISC)
https://github.com/franklioxygen/MyTube/commit/752bc7f0ac83df8c881e6b6d5dd6f36bb274ee58 (x_refsource_MISC)
https://github.com/franklioxygen/MyTube/commit/dd7b4a611fcc5b25a569f379be9a503eb413b6aa (x_refsource_MISC)
https://github.com/franklioxygen/MyTube/blob/941035909ee3f96a6f80f38acf70cbc3e66b5098/backend/src/services/loginAttemptService.ts#L13 (x_refsource_MISC)