Issue #2051: [yt-dlp] [F44 CLONE] CVE-2026-26331 yt-dlp: yt-dlp: Arbitrary command injection via maliciously crafted URL when --netrc-cmd is used [fedora-all] | rhbz#2442427 - blocker-review

fedora-qa / blocker-review

#2051 [yt-dlp] [F44 CLONE] CVE-2026-26331 yt-dlp: yt-dlp: Arbitrary command injection via maliciously crafted URL when --netrc-cmd is used [fedora-all] | rhbz#2442427

Opened Feb 24, 2026 by blockerbot. Modified Feb 27, 2026

Bug details: ** https://bugzilla.redhat.com/show_bug.cgi?id=2442427 **
Information from BlockerBugs App:
2442427

Current vote summary

Accepted BetaFreezeException (+4, 0, -0)
- +1 by gotmax23, derekenz, ngompa, adamwill

The votes have been last counted at 2026-02-27 02:08 UTC and the last processed comment was #comment-1006988

To learn how to vote, see:
https://pagure.io/fedora-qa/blocker-review
A quick example: BetaBlocker +1 (where the tracker name is one of BetaBlocker/FinalBlocker/BetaFE/FinalFE/0Day/PreviousRelease and the vote is one of +1/0/-1)

gotmax23 commented Feb 25, 2026

BetaFE +1

derekenz commented Feb 25, 2026

BetaFE +1

ngompa commented Feb 25, 2026

BetaFE +1

adamwill commented Feb 27, 2026

BetaFE +1
AGREED AcceptedBetaFE

blockerbot commented Feb 27, 2026

The following votes have been closed:

Accepted BetaFreezeException (+4, 0, -0)
- +1 by gotmax23, derekenz, ngompa, adamwill

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

fedora-qa / blocker-review

#2051 [yt-dlp] [F44 CLONE] CVE-2026-26331 yt-dlp: yt-dlp: Arbitrary command injection via maliciously crafted URL when --netrc-cmd is used [fedora-all] | rhbz#2442427 Opened Feb 24, 2026 by blockerbot. Modified Feb 27, 2026

Current vote summary

Metadata

#2051 [yt-dlp] [F44 CLONE] CVE-2026-26331 yt-dlp: yt-dlp: Arbitrary command injection via maliciously crafted URL when --netrc-cmd is used [fedora-all] | rhbz#2442427

Opened Feb 24, 2026 by blockerbot. Modified Feb 27, 2026