CVE-2026-23837

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing an authentication...

CVE-2026-23837

CVE-2026-23837 affects MyTube where an authentication bypass in the roleBasedAuthMiddleware allows unauthenticated requests (req.user undefined) to pass to downstream handlers, enabling access/modification of settings via /api/settings for all users with loginEnabled: true. Affected versions incl...

CVE-2026-23837 MyTube has an Authorization Bypass vulnerability

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing an authentication...

PT-2026-3495

Name of the Vulnerable Software and Affected Versions MyTube versions prior to 1.7.66 Description MyTube is a self-hosted downloader and player for several video websites. A flaw allows unauthenticated users to bypass the authentication check in the roleBasedAuthMiddleware. By not providing an...