5 matches found
DEBIAN-CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331
yt-dlp suffers an arbitrary command injection when using --netrc-cmd (or netrc_cmd) with a malicious URL. Affected versions are from 2023.06.21 up to, but not including, 2026.02.21; the fix in 2026.02.21 validates all netrc machine values and raises on unexpected input. The vulnerability can be e...
CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
Fedora 45 : yt-dlp (2026-3d6da3d46f)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d6da3d46f advisory. Automatic update for yt-dlp-2026.02.21-1.fc45. Changelog Tue Feb 24 2026 Maxwell G - 2026.02.21-1 - Update to 2026.02.21. Fixes rhbz2441709. - Mitigates...