PT-2026-7902 · Unknown · Clipbucket

Takumi142857 · Published 2026-02-12 · Updated 2026-02-18 · CVE-2026-26005

CVSS v3.1: 5.0 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
ClipBucket versions prior to 5.5.3

Description
ClipBucket is a video sharing platform. A Server-Side Request Forgery (SSRF) can be triggered through the Remote Play feature, which allows creating video entries referencing external video URLs. By specifying an internal network host in the video URL, an attacker can cause the application to send GET requests to internal servers, potentially enabling internal network scanning. This can be exploited even by regular, non-privileged users. The vulnerable functionality involves referencing external video URLs without uploading the video files to the server.

Recommendations
Update to version 5.5.3 or later.
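
The kind of server-side check that blocks the request pattern described above, as an added example; it is not ClipBucket's code and not the 5.5.3 fix. The function name, the resolver callback and the sample hosts and addresses are assumptions constructed for illustration.

```php
<?php
/**
 * Added example (hypothetical helper, not ClipBucket's code or its 5.5.3 fix).
 * Vets a user-supplied remote video URL before the server requests it.
 * $resolver maps a hostname to a list of IP strings; in production it could be
 * fn($h) => gethostbynamel($h) ?: [] (IPv4 only). Returns the vetted IP, or null.
 */
function vet_remote_video_url(string $url, callable $resolver): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                               // malformed or relative URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                               // only http(s) is allowed
    }
    $host = trim($parts['host'], '[]');            // unwrap IPv6 literals
    $ips  = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolver($host);
    if ($ips === []) {
        return null;                               // unresolvable host
    }
    $public = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        // One private, loopback or link-local answer is enough to reject.
        if (filter_var($ip, FILTER_VALIDATE_IP, $public) === false) {
            return null;
        }
    }
    // Connect to this exact address (e.g. CURLOPT_RESOLVE) and keep redirects
    // off, so a second DNS lookup or a 30x cannot steer the request inward.
    return $ips[0];
}

// Constructed DNS answers and URLs, so the demo runs offline.
$dns = [
    'videos.example.com'   => ['93.184.216.34'],
    'intranet.example.com' => ['10.0.0.5'],
    'mixed.example.com'    => ['93.184.216.34', '127.0.0.1'],
];
$resolver = fn(string $h): array => $dns[strtolower($h)] ?? [];
foreach ([
    'https://videos.example.com/a.mp4',
    'http://intranet.example.com:8080/status',
    'http://mixed.example.com/a.mp4',
    'ftp://videos.example.com/a.mp4',
] as $url) {
    printf("%-42s %s\n", $url, vet_remote_video_url($url, $resolver) ?? 'REJECTED');
}
```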

Exploit

Fix

SSRF

Weakness Enumeration

Related identifiers

CVE-2026-26005
GHSA-69XJ-2PQ3-5R4V

Affected products

Clipbucket