CVE-2026-6219 | aandrew-me ytDownloader up to 3.20.2 Compressor Feature src/compressor.js child_process.exec command injection

A vulnerability classified as critical has been found in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection.

The identification of this vulnerability is CVE-2026-6219. The attack can only be executed locally. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure.VulDB Recent EntriesRead More