๐Ÿ” CVE Alert

CVE-2026-7581

MEDIUM 4.3

alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy

CVSS Score: 4.3
EPSS Score: 0.0%
EPSS Percentile: 0th

A security vulnerability has been found in alexta69 MeTube up to 2026.04.09. It affects the function on_prepare in the file app/main.py, part of the CORS Policy component. Manipulation leads to a permissive cross-domain policy with untrusted domains. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2026.04.10 mitigates this issue. The patch is identified as commit 0072d3488ae5b8d922d3ee87458d829993742a32. Upgrading the affected component is recommended.

CWE: CWE-942, CWE-346
Vendor: alexta69
Product: metube
Published: May 1, 2026
Last Updated: May 1, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Affected Versions

alexta69 / MeTube
2026.04.09

References

vuldb.com: https://vuldb.com/vuln/360528
vuldb.com: https://vuldb.com/vuln/360528/cti
vuldb.com: https://vuldb.com/submit/801529
github.com: https://github.com/az10b/security-advisories/blob/main/cors_MeTube.md
github.com: https://github.com/alexta69/metube/pull/949
github.com: https://github.com/alexta69/metube/commit/0072d3488ae5b8d922d3ee87458d829993742a32
github.com: https://github.com/alexta69/metube/releases/tag/2026.04.10
github.com: https://github.com/alexta69/metube/

Credits

๐Ÿ” AliAz (VulDB User)