CyberRota
← Ana sayfaya dön

CVE-2026-50574

HIGH · CVSS 8.3 EPSS %0.41 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-23T17:17:03.340 · Çekilme zamanı: 2026-06-30T18:30:17.880447+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
arbitrary code execution code execution
GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-50574
Severity
HIGH
CVSS
8.3
EPSS
%0.41
Windows

Orijinal NVD Açıklaması

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code execution. On non-Windows platforms, this can lead to arbitrary code execution upon the next invocation of yt-dlp. This vulnerability is fixed in 2026.06.09.