Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attacker needs no privileges (PR:N) but the victim must use the non-default curl downloader with loaded cookies and follow a malicious link, so AC:H and UI:R; cross-trust-boundary cookie leak gives S:C, C:H, I:N, A:N.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Lifecycle Timeline
7Blast Radius
ecosystem impact- 5 pypi packages depend on yt-dlp (5 direct, 0 indirect)
Ecosystem-wide dependent count for version 2023.9.24.
DescriptionNVD
Summary
If curl is used an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's.
This is the equivalent to [GHSA-v8mc-9377-rwjj](<https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj>) for the curl downloader. The vulnerable behavior is present in yt-dlp released since 2023.09.24.
Details
At the file download stage, the cookies are passed by yt-dlp to the file downloader via --cookie. However, unless these are loaded from a file, this operation does not activate the cookie engine. As a result, curl will send cookies with requests to domains or paths for which the cookies are not scoped.
An example of a potential attack scenario exploiting this vulnerability:
- an attacker has crafted a malicious website with an embedded URL designed to be detected by yt-dlp as a video download. This embedded URL has the domain of a trusted site that the user has loaded cookies for, and conducts an unvalidated redirect to a target URL.
- yt-dlp extracts this URL and calculates the cookies which are then passed to
curl. - the download URL redirects to a server controlled by the attacker, to which
curlforwards the user's sensitive cookie information.
Patches
yt-dlp version 2026.06.09 fixes this issue by doing the following:
- Pass the cookies through stdin via
--cookie -ifcurlis version 7.59 or higher. - Pass the cookies via
--cookie /dev/fd/0if the system supports this device file. - In all other cases create a temporary file, save the cookies and then pass via
--cookie <file>.
Workarounds
It is recommended to upgrade yt-dlp to version 2026.06.09 as soon as possible.
For users who are not able to upgrade:
- Do not use
--downloader curl.
AnalysisAI
Cookie disclosure in yt-dlp (2023.09.24 through versions before 2026.06.09) lets a malicious website exfiltrate a victim's authenticated session cookies when the curl external downloader is in use. Because yt-dlp passes cookies to curl via inline --cookie without activating curl's cookie-scoping engine, curl forwards those cookies across HTTP redirects and to fragment hosts that differ from their parent manifest, so an attacker who lures the user into extracting a crafted URL that redirects to attacker infrastructure receives cookies scoped to a trusted site. This is the curl-downloader counterpart to GHSA-v8mc-9377-rwjj. There is no public exploit identified at time of analysis, though the vendor commit includes a regression test proving the leak; EPSS is low (0.27%, 18th percentile) and it is not in CISA KEV.
Technical ContextAI
The flaw lives in yt-dlp's external-downloader integration (yt_dlp/downloader/external.py, CurlFD). At the file-download stage yt-dlp computes which cookies apply and hands them to curl as a literal --cookie "name=value" header string rather than as a cookie file. curl only enables its internal cookie engine - which enforces domain/path scoping and drops cookies on cross-origin redirects - when cookies are loaded from a file (e.g. --cookie <file> / --cookie -). With an inline header, curl treats the cookie as a static request header and replays it verbatim on every hop, including 30x redirects to other hosts and HLS/DASH fragments served from a different host than the manifest. The CWE-200 (Exposure of Sensitive Information) root cause is therefore a missing trust-boundary/scoping check delegated to a tool that does not perform it in the mode used. Affected package per CPE is pkg:pip/yt-dlp (the Python/CLI distribution).
RemediationAI
Vendor-released patch: upgrade to yt-dlp 2026.06.09 (fix commit 2726572520238356bcf64aba2040228648b44c82), which makes curl load cookies through its scoping engine - via stdin (--cookie -) on curl 7.59+, via --cookie /dev/fd/0 where the device file is supported, or otherwise via a temporary cookie file - so domain/path scoping and cross-redirect dropping are enforced. If you cannot upgrade immediately, the vendor's explicit workaround is to stop using the curl external downloader (do not pass --downloader curl, and remove it from any config file or yt-dlp.conf); fall back to the native downloader or another backend, with the trade-off of losing curl's performance/feature behavior. As a defense-specific compensating control, avoid loading sensitive/authenticated cookies (--cookies / --cookies-from-browser) when downloading from untrusted or user-supplied URLs. Advisory and patch references: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-f7j3-774f-rfhj and https://github.com/yt-dlp/yt-dlp/commit/2726572520238356bcf64aba2040228648b44c82.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38497
GHSA-f7j3-774f-rfhj