109 matches found
Mageia: Security Advisory (MGASA-2026-0054)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated yt-dlp packages fix security vulnerability
When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...
PT-2026-24643
When yt-dlp's --netrc-cmd command-line option or netrc cmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...
Fedora 42 : yt-dlp (2026-7d3c7180c7)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7d3c7180c7 advisory. - Update to 2026.02.21. Fixes rhbz2441709. - Mitigates CVE-2026-26331 / GHSA-g3gw-q23r-pgqm rhbz2442244 Tenable has extracted the preceding description block...
Fedora 44 : yt-dlp (2026-937e768833)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-937e768833 advisory. - Update to 2026.02.21. Fixes rhbz2441709. - Mitigates CVE-2026-26331 / GHSA-g3gw-q23r-pgqm rhbz2442244 ---- Sat Feb 21 2026 Dominik 'Rathann'...
Fedora: Security Advisory (FEDORA-2026-7d3c7180c7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 43 : yt-dlp (2026-d86b88630b)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d86b88630b advisory. - Update to 2026.02.21. Fixes rhbz2441709. - Mitigates CVE-2026-26331 / GHSA-g3gw-q23r-pgqm rhbz2442244 Tenable has extracted the preceding description block...
[SECURITY] Fedora 43 Update: yt-dlp-2026.02.21-1.fc43
yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...
Linux Distros Unpatched Vulnerability : CVE-2026-26331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option o...
DEBIAN-CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
UBUNTU-CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331
yt-dlp suffers an arbitrary command injection when using --netrc-cmd (or netrc_cmd) with a malicious URL. Affected versions are from 2023.06.21 up to, but not including, 2026.02.21; the fix in 2026.02.21 validates all netrc machine values and raises on unexpected input. The vulnerability can be e...
CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
amusing-app (>=0.2.0 <=0.4.2), arbi-tr-frontend (>=0.1.0 <=0.1.1) +126 more potentially affected by CVE-2026-26331 via yt-dlp (>=2023.6.22 <=2026.1.31)
yt-dlp PYPI version =2023.6.22, =0.2.0, =0.1.0, =2.0.0, =1.1.5, =0.1.7, =1.0.0, =1.0.0, =0.1.0, =2024.3.25, =1.1.1, =0.0.2, =0.1.16, =0.4.3, =0.4.4 and more Source cves: CVE-2026-26331 Source advisory: OSV:GHSA-G3GW-Q23R-PGQM...
yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
Summary When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. Impact yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who us...
GHSA-G3GW-Q23R-PGQM yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
Summary When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. Impact yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who us...