Updated yt-dlp packages fix security vulnerability
Publication date: 10 Mar 2026Modification date: 10 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-26331
Description
When yt-dlp's --netrc-cmd command-line option (or netrc_cmd Python API
parameter) is used, an attacker could achieve arbitrary command
injection on the user's system with a maliciously crafted URL.
References
SRPMS
9/core
- yt-dlp-2026.03.03-1.1.mga9