What is CVE-2026-50023?

CVE-2026-50023 is a high-severity vulnerability in Yt-dlp, classified under Improper Restriction of Names for Files and Other Resources. CVSS score: 8.3/10. Published 2026-06-23.

How severe is CVE-2026-50023?

High severity. CVSS v3 base score is 8.3 out of 10.

Vulnerability in Yt-dlp

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem, bypassing…

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Yt-dlp — versions < 2026.06.09

Weakness classification (CWE)

CWE-641 — Improper Restriction of Names for Files and Other Resources

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-50023?: CVE-2026-50023 is a high-severity vulnerability in Yt-dlp, classified under Improper Restriction of Names for Files and Other Resources. CVSS score: 8.3/10. Published 2026-06-23.
How severe is CVE-2026-50023?: High severity. CVSS v3 base score is 8.3 out of 10.