SSRF Vulnerability in ClipBucket v5 Video Sharing Platform
CVE-2026-26005

5MEDIUM

Key Information:

Vendor: Macwarrior
Status: Clipbucket-v5
Vendor: CVE Published:; 12 February 2026

What is CVE-2026-26005?

ClipBucket v5, an open-source video sharing platform, contains a vulnerability that enables Server-Side Request Forgery (SSRF) attacks. By utilizing the Remote Play feature, malicious actors can create video entries referencing external video URLs. If an internal network address is specified within the URL, the system inadvertently sends GET requests to internal servers. This exploitation can be executed even by non-privileged users, allowing them to scan the internal network and potentially gain access to sensitive data.

Affected Version(s)

clipbucket-v5 < 5.5.3 - #45

References

https://github.com/MacWarrior/clipbucket-v5/security/advi...

x_refsource_CONFIRM

https://github.com/MacWarrior/clipbucket-v5/commit/a9e0f2...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2026
Vulnerability Reserved
Feb 9, 2026

CVE-2026-26005 Data

JSON

Macwarrior

What is CVE-2026-26005?

Affected Version(s)

References

CVSS V3.1

Timeline