5 matches found
CVE-2026-33890
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
EUVD-2026-16519
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
CVE-2026-33890
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
CVE-2026-33890
CVE-2026-33890 is a pre-1.8.71 issue in MyTube (self-hosted downloader/player) where unauthenticated users can register an arbitrary passkey via exposed endpoints and then authenticate with that passkey to obtain a full admin session. The root cause is unauthenticated passkey registration that im...