CyberRota
← Ana sayfaya dön

CVE-2026-58447

MEDIUM · CVSS 6.5 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-30T22:16:58.103 · Çekilme zamanı: 2026-07-01T06:08:48.855001+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-58447
Severity
MEDIUM
CVSS
6.5
EPSS
Yok

Orijinal NVD Açıklaması

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the remove_video action of the playlist endpoint. Attackers can obtain per-video index values from the public playlist JSON API and submit them to the playlist video deletion endpoint without ownership validation, permanently removing videos from playlists they do not own.