CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

MyTube security vulnerability

MyTube is a video self-hosted downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.78 contained security vulnerabilities, which stemmed from insufficient input validation in the settings management function. These vulnerabilities could lead to large-scale distribution...

CVE-2026-24140

CVE-2026-24140 involves a mass assignment vulnerability in MyTube (versions 1.7.78 and earlier) where the saveSettings() function accepts arbitrary key-value pairs and persists them to the database without validating property names. The underlying cause is input handling with Record and unfiltere...

CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24139

CVE-2026-24139 affects MyTube (versions 1.7.78 and earlier) and is caused by improper validation of user permissions on the database export endpoint, enabling guest/low-privilege users to bypass authorization and download the complete application database. RedHat, NVD, and PTSecurity sources conf...

CVE-2026-24139 MyTube Allows Unauthorized Database Export by Guest Users

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

CVE-2026-24139

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

PT-2026-4538

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

PT-2026-4537

Name of the Vulnerable Software and Affected Versions MyTube versions 1.7.78 and below Description The MyTube application does not properly protect against authorization bypass, potentially allowing guest users to download the complete application database. The application does not validate user...