Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-26331 PoC — yt-dlp 操作系统命令注入漏洞

Source
https://github.com/dxlerYT/CVE-2026-26331
Associated Vulnerability
Title:yt-dlp 操作系统命令注入漏洞 (CVE-2026-26331)
Description:yt-dlp是yt-dlp的基于现在不活动的youtube-dlc 的youtube-dl分支。 yt-dlp 2023.06.21版本至2026.02.21之前版本存在操作系统命令注入漏洞,该漏洞源于使用--netrc-cmd命令行选项时可能允许命令注入,可能导致攻击者在用户系统上执行任意命令。
Description
Proof of Concept for an arbitrary command injection vulnerability in yt-dlp’s --netrc-cmd option (GHSA-g3gw-q23r-pgqm / CVE-2026-26331). Demonstrates shell command execution via maliciously crafted URLs in affected versions (≥ 2023.06.21, < 2026.02.21).
File Snapshot

 None
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.