PT-2026-4537 · Mytube · Mytube

P1Ngul1N0

Publicado

2026-01-23

Atualizado

2026-02-02

CVE-2026-24139

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions MyTube versions 1.7.78 and below

Description The MyTube application does not properly protect against authorization bypass, potentially allowing guest users to download the complete application database. The application does not validate user permissions correctly on the database export endpoint, which allows low-privileged users to access sensitive data they are not authorized to view.

Recommendations Update MyTube to a version higher than 1.7.78.

Exploit

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2026-24139

GHSA-HHC3-8Q8C-89Q7

Produtos afetados

Mytube

PT-2026-4537 · Mytube · Mytube

CVE-2026-24139

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10