Franklioxygen - Mytube - CRITICAL - CVE-2026-23837. MyTube, a self-hosted video downloader and player, contains a vulnerability that allows unauthenticated users to bypass necessary authentication checks due to improper handling of user authentication. Specifically, when the 'roleBasedAuthMiddleware' receives a request without an authentication cookie, it improperly passes the request through to subsequent handlers, exposing sensitive routes like /api/settings. This flaw compromises application settings, potentially enabling unauthorized modifications to passwords and protected data. Users of MyTube with 'loginEnabled' set to true are at risk, emphasizing the urgent need for updating to version v1.7.66, which addresses this issue by enforcing strict authentication checks. Alternatively, users unable to upgrade should consider using firewalls or reverse proxies to limit access to the affected endpoints.