Authorization Flaws in ClipBucket Video Sharing Platform
CVE-2026-28354

5.7MEDIUM

Key Information:

Vendor: Macwarrior
Status: Clipbucket-v5
Vendor: CVE Published:; 27 February 2026

What is CVE-2026-28354?

ClipBucket v5, an open-source video sharing platform, suffers from significant authorization vulnerabilities prior to version 5.5.3. These flaws enable authenticated users to manipulate collection items belonging to others, specifically through inadequate authorization checks during item addition and deletion processes. The affected functionalities, including adding items via /actions/add_to_collection.php and deleting items through /manage_collections.php?mode=manage_items, allow unauthorized actions due to a lack of proper ownership verification. This oversight poses a risk that could be exploited by malicious actors, compromising the integrity of user collections. The issue has been resolved in version 5.5.3.

Affected Version(s)

clipbucket-v5 < 5.5.3 - #59

References

https://github.com/MacWarrior/clipbucket-v5/security/advi...

x_refsource_CONFIRM

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Feb 26, 2026

CVE-2026-28354 Data

JSON

Macwarrior

What is CVE-2026-28354?

Affected Version(s)

References

CVSS V4

Timeline