CVE-2026-26997

Description

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

Passive

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

Low

Integrity (Subsequent System)

Low

Availability (Subsequent System)

None

Physical

Affected products

MacWarrior / clipbucket-v5< 5.5.3 #59 – < 5.5.3 #59

References

VENDOR_ADVISORYhttps://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-97r6-4hmx-hcrh
PATCHhttps://github.com/MacWarrior/clipbucket-v5/commit/2da4c8e41f9e4baf47ff89f8a674fbe9b63ac76d