Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
MyTube: Unauthorized Access to Configuration Data
CVE-2026-33735
Summary
Prior to version 1.8.69, a security weakness in MyTube allows attackers to access sensitive configuration data and potentially take control of the application. This weakness is fixed in version 1.8.69, so update to this version or later to protect your MyTube installation. If you're running an earlier version, take steps to secure your application as soon as possible.
Original title
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-p...
Original description
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a full compromise of the application. The bypass is relevant for other POST routes as well. Version 1.8.69 fixes the issue.
nvd CVSS4.0
7.4
Vulnerability type
CWE-285
Improper Authorization
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 27 Mar 2026 · Updated: 27 Mar 2026 · First seen: 27 Mar 2026