Yt-Dlp Project Yt-Dlp vulnerabilities

CVE-2026-26331 [HIGH] CWE-78 CVE-2026-26331: yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. yt-dlp maintainers assume the impact of

CVE-2025-54072 [HIGH] CVE-2025-54072: yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the mitigation for CVE-2024-22423 where the default placeholder an

CVE-2024-22423 [CRITICAL] CWE-78 CVE-2024-22423: yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40 yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--e

CVE-2023-46121 [LOW] CWE-444 CVE-2023-46121: yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is v yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability

CVE-2023-40581 [HIGH] CWE-78 CVE-2023-40581: yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide sh yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined

CVE-2023-35934 [HIGH] CWE-200 CVE-2023-35934: yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 20