QwikSec

Security Database

CVE

CWE

Training

CVE-2026-24139

Published: Jan 23, 2026

Modified: Jan 26, 2026

PUBLISHED

Description

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export endpoint, enabling low-privileged users to access sensitive data they should not have permission to view.

Vendor	Product	Versions
franklioxygen	MyTube	affected `< 1.7.79`

Weaknesses (CWE)

References

https://github.com/franklioxygen/MyTube/security/advisories/GHSA-hhc3-8q8c-89q7

x_refsource_CONFIRM

https://github.com/franklioxygen/MyTube/commit/e271775e27d51b26e54731b7b874447f47a1f280

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.