The following key information about the vulnerability can be obtained from the screenshot of this web page:

Title
Authorization Bypass vulnerability

Package
MyTube (npm)

Affected and Patched Versions
Affected versions: <=1.7.65
Patched versions: 1.7.66

Vulnerability Type
Improper Authorization / Authentication Bypass

Impact
Critical: This flaw enables unauthenticated users to bypass authentication checks in the by simply not providing an authentication cookie, allowing them to:
- Access and modify application settings via .
- Change administrative and visitor passwords.
- Access other protected routes that rely on this middleware.

Fixes
The vulnerability is fixed in version 1.7.66 (or higher). All users are advised to upgrade to at least version 1.7.64 immediately, as this specific version explicitly blocks requests from unauthenticated users.

Workarounds
1. Restricting Network Access: Use a firewall or reverse proxy (like Nginx) to restrict access to the endpoints to trusted IP addresses only.
2. Manual Patch: Edit the source code in to ensure it returns a 401 Unauthorized error when is undefined.

Severity
Severity Score: Critical (9.8/10)

CVSS Metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality, Integrity, Availability: High

Referenced Documents
[GitHub Security Advisory - MyTube]

Special thanks to p1ngul1n0 for reporting and helping resolve this issue.

CVE ID
CVE-2026-23837

Weakness (CWE)
CWE-863 (Incorrect Authorization)
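
The fail-open condition described under Impact and the fail-closed behaviour described under Manual Patch, as an added example. This is not MyTube's code: the guard functions, the `req.user` property and the role values are assumptions chosen to illustrate the pattern, and `mockRes` is a dependency-free stand-in for an Express-style response.

```javascript
// Added illustration; not MyTube's source. All names here are hypothetical.

// Fail-open pattern: only a *present but insufficient* identity is rejected,
// so a request with no auth cookie (req.user undefined) falls through to next().
function failOpenGuard(req, res, next) {
  if (req.user && req.user.role !== 'admin') {
    return res.status(403).json({ error: 'Forbidden' });
  }
  return next();
}

// Fail-closed pattern: missing authentication is rejected before any role check.
function failClosedGuard(req, res, next) {
  if (req.user === undefined || req.user === null) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  if (req.user.role !== 'admin') {
    return res.status(403).json({ error: 'Forbidden' });
  }
  return next();
}

// Minimal stand-in for an Express-style response object.
function mockRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}

// Runs a guard against a constructed request and reports the status code
// and whether the protected handler (next) was reached.
function probe(guard, user) {
  const res = mockRes();
  let reached = false;
  guard({ user }, res, () => { reached = true; });
  return { status: res.statusCode, reached };
}

// Constructed sample identities: no cookie, visitor session, admin session.
const cases = { anonymous: undefined, visitor: { role: 'visitor' }, admin: { role: 'admin' } };
for (const [name, user] of Object.entries(cases)) {
  console.log(name, 'fail-open:', probe(failOpenGuard, user),
    'fail-closed:', probe(failClosedGuard, user));
}
```

The `probe` helper doubles as a regression check: after upgrading or patching, the anonymous case should return 401 and never reach the handler.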