PT-2026-4537 · Mytube · Mytube
P1Ngul1N0
·
Published
2026-01-23
·
Updated
2026-02-02
·
CVE-2026-24139
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
MyTube versions 1.7.78 and below
Description
The MyTube application does not properly protect against authorization bypass, potentially allowing guest users to download the complete application database. The application does not validate user permissions correctly on the database export endpoint, which allows low-privileged users to access sensitive data they are not authorized to view.
Recommendations
Update MyTube to a version higher than 1.7.78.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mytube