CVE-2026-26005

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N                                    

Vulnerability Description

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SSRF can be triggered, causing GET requests to be sent to internal servers. An attacker can exploit this to scan the internal network. Even a regular (non-privileged) user can carry out the attack.

Vulnerability Details

Published Date

February 12, 2026

Last Modified

February 18, 2026

CWE ID

CWE-918

Source

NVD

Vendor

MacWarrior

Product

clipbucket-v5

External References

https://github.com/MacWarrior/clipbucket-v5/commit/a9e0f2322fb37501dfd4f44079fc7826a132503a
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-69xj-2pq3-5r4v

CVE-2026-26005

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment