CVE-2026-57946
EUVD-2026-4016329.06.2026, 18:16
Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain the full playlist contents, owner email address, and associated video entries without any authentication.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration
References