170 matches found
ROOT-APP-PYPI-CVE-2026-26331 CVE-2026-26331 in rootio-yt-dlp - Patched by Root
Root has patched CVE-2026-26331 in the rootio-yt-dlp package for Root:PyPI. Multiple fixed versions available...
GHSA-3H23-7824-PJ8R ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...
Mageia: Security Advisory (MGASA-2026-0054)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated yt-dlp packages fix security vulnerability
When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...
MGASA-2026-0054 Updated yt-dlp packages fix security vulnerability
When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...
PT-2026-24643
When yt-dlp's --netrc-cmd command-line option or netrc cmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...
Fedora 42 : yt-dlp (2026-7d3c7180c7)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7d3c7180c7 advisory. - Update to 2026.02.21. Fixes rhbz2441709. - Mitigates CVE-2026-26331 / GHSA-g3gw-q23r-pgqm rhbz2442244 Tenable has extracted the preceding description block...
Fedora 44 : yt-dlp (2026-937e768833)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-937e768833 advisory. - Update to 2026.02.21. Fixes rhbz2441709. - Mitigates CVE-2026-26331 / GHSA-g3gw-q23r-pgqm rhbz2442244 ---- Sat Feb 21 2026 Dominik 'Rathann'...
Fedora: Security Advisory (FEDORA-2026-7d3c7180c7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 43 : yt-dlp (2026-d86b88630b)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d86b88630b advisory. - Update to 2026.02.21. Fixes rhbz2441709. - Mitigates CVE-2026-26331 / GHSA-g3gw-q23r-pgqm rhbz2442244 Tenable has extracted the preceding description block...
[SECURITY] Fedora 43 Update: yt-dlp-2026.02.21-1.fc43
yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...
SUSE CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
Fedora: Security Advisory (FEDORA-2026-d86b88630b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2026-26331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option o...
CVE-2026-26331
A flaw was found in yt-dlp, a command-line audio/video downloader. When the --netrc-cmd command-line option is enabled, a remote attacker can exploit a maliciously crafted URL to achieve arbitrary command injection. This allows the attacker to execute unauthorized commands on the user's system,...
CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
DEBIAN-CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
UBUNTU-CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...