NextGuard
UNKNOWNCVE-2026-33735

MyTube has an Improper Access Control that Allows Complete Application Takeover

Platform

sqlite

Component

mytube

Fixed in

1.8.69

View on NVD

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a full compromise of the application. The bypass is relevant for other POST routes as well. Version 1.8.69 fixes the issue.

How to fix

Actualice MyTube a la versión 1.8.69 o posterior. Esta versión corrige la vulnerabilidad de control de acceso que permite la manipulación de la base de datos. La actualización evitará que atacantes con privilegios bajos comprometan la aplicación.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free