Lucene search
K

Python Library yt-dlp < 2026.6.9 Multiple Vulnerabilities

🗓️ 19 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

yt-dlp before 2026.6.9 allows remote arbitrary file writes and possible code execution via aria2c.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(321527);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/03");

  script_cve_id("CVE-2026-50023", "CVE-2026-50574");
  script_xref(name:"IAVB", value:"2026-B-0168");

  script_name(english:"Python Library yt-dlp < 2026.6.9 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A Python library installed on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The detected version of the yt-dlp Python package is prior to 2026.6.9. It is, therefore, affected by multiple
vulnerabilities:

  - A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such
    as .desktop, .url, .webloc) to the user's filesystem, bypassing the remediation for CVE-2024-38519.
    (CVE-2026-50023)

  - If aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream),
    yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file
    write. On Windows platforms, this can lead to immediate arbitrary code execution. On non-Windows platforms,
    this can lead to arbitrary code execution upon the next invocation of yt-dlp. (CVE-2026-50574)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://advisories.gitlab.com/pypi/yt-dlp/CVE-2026-50023/");
  script_set_attribute(attribute:"see_also", value:"https://advisories.gitlab.com/pypi/yt-dlp/CVE-2026-50574/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to yt-dlp version 2026.6.9 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-50574");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"asset_categories", value:"component");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:yt-dlp_project:yt-dlp");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_packages_installed_nix.nbin", "python_packages_win_installed.nbin");
  script_require_ports("Host/nix/Python/Packages/Enumerated", "Host/win/Python/Packages/Enumerated");

  exit(0);
}

include('python.inc');

var pkg = 'yt-dlp';

var libs = python::get_package_info(pkg_name:pkg, cpe:"cpe:/a:yt-dlp_project:yt-dlp");

if (empty_or_null(libs))
  audit(AUDIT_NOT_INST, pkg);

vcf::check_all_backporting(app_info:libs);

var constraints = [
  { 'fixed_version' : '2026.6.9' }
];

vcf::check_version_and_report(
  app_info:libs,
  constraints:constraints,
  severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

03 Jul 2026 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.18.3 - 9.6
EPSS0.00555
SSVC
9