CVE-2026-26005
published 2026-02-12CVE-2026-26005: ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference…
PriorityP429medium5CVSS 3.1
AVNACLPRLUINSCCLINAN
EPSS
0.23%
14.0th percentile
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SSRF can be triggered, causing GET requests to be sent to internal servers. An attacker can exploit this to scan the internal network. Even a regular (non-privileged) user can carry out the attack.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| macwarrior | clipbucket-v5 | < 5.5.3 - #45 | 5.5.3 - #45 |
| oxygenz | clipbucket | >= 5.3 < 5.5.3-45 | 5.5.3-45 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-02-12
Published