A vulnerability labeled as problematic has been found in iv-org Invidious up to 25.x . The impacted element is an unknown function of the component RSS Feed Playlist Endpoint . Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-57946 . The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.