What is CVE-2026-6218?

CVE-2026-6218 is a medium-severity vulnerability in Aandrew-me Ytdownloader, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2026-04-13.

How severe is CVE-2026-6218?

Medium severity. CVSS v3 base score is 4.3 out of 10.

RCE in Aandrew-me Ytdownloader

CVE-2026-6218

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed fr…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (11.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R.

Affected products

Aandrew-me Ytdownloader — versions 3.20.0, 3.20.1, 3.20.2

Weakness classification (CWE)

References

VDB-357139 | aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting (vdb-entry, technical-description)
VDB-357139 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #785842 | Aandrew-me ytDownloader 3.20.2 Remote code execution via DOM XSS (third-party-advisory)
github.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.m… (exploit)

Frequently asked questions

What is CVE-2026-6218?: CVE-2026-6218 is a medium-severity vulnerability in Aandrew-me Ytdownloader, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2026-04-13.
How severe is CVE-2026-6218?: Medium severity. CVSS v3 base score is 4.3 out of 10.