CVE-2026-33935 | franklioxygen MyTube up to 1.8.71 login-attempts.json recordFailedAttempt timestamps/cooldown excessive authentication (GHSA-6w95-qgc4-5jxf / EUVD-2026-16521)

A vulnerability marked as problematic has been reported in franklioxygen MyTube up to 1.8.71. Affected by this issue is the function recordFailedAttempt of the file login-attempts.json. Performing a manipulation of the argument timestamps/cooldown results in improper restriction of excessive authentication attempts.

This vulnerability is known as CVE-2026-33935. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More